APRIL 30, 2006 (IDG NEWS SERVICE) - The open-source Mozilla project this week plans to release an update to its Firefox browser that will fix a publicly disclosed security issue in the software. News of the update came as developers also confirmed that they were dropping a highly anticipated bookmarking feature, called Places, from the next major Firefox release, due later this year.
Mozilla Corp. developers have yanked one of the most prominent features from the next version of their Firefox browser after deciding that it can’t be finished in time.
The feature, dubbed “Places,” was to be a rewrite of Firefox’s bookmarking system, and would have allowed users to search through both bookmarks and the browsing history log to locate sites. Places relies on SQLite, an open-source database engine, to store bookmarks and the history data.
APRIL 26, 2006 (TECHWORLD.COM) - Microsoft is investigating a new zero-day flaw in Internet Explorer that could put fully patched Windows systems at risk of takeover. Less serious bugs have also been reported in the Firefox and Safari browsers.
The IE bug, discovered by Michael Zalewski and posted on the full-disclosure mailing list on Sunday, could allow attackers to take over a system, Zalewski said.
Microsoft on Tuesday launched a site to promote Internet Explorer add-ons in an attempt to compete with Mozilla Corp.’s long-running site that specializes in extensions for the open-source Firefox browser.
The Add-Ons for Internet Explorer page hosts both free and for-a-fee add-ons to IE 6 and IE 7 Beta 2, and is organized in security, time saving, browsing, and entertainment categories. A search tool can be used to sift through the add-ons.
Barely two weeks after shipping an Internet Explorer security makeover to cover a wave of drive-by malware downloads, Microsoft is scrambling to address the public disclosure of a new zero-day vulnerability that could be used in code execution attacks.
The Redmond, Wash. software maker confirmed it was investigating a warning posted on the Full-disclosure mailing list that the latest versions of IE causes various types of crashes when visiting Web pages with nested OBJECT tags.
APRIL 25, 2006 (COMPUTERWORLD) - Microsoft has released for free public download beta 2 of Internet Explorer 7 for Windows XP. This latest version of Microsoft’s next browser has few visible changes from the Beta 2 preview edition posted on March 20.
A zero-day vulnerability in a fully-patched and most-current version of Mozilla Corp.’s Firefox could be exploited to crash the browser at the least, and at the worst, possibly introduce malicious code, a security company warned Tuesday.
The bug, which first appeared on Mozilla’s Bugzilla listing a week ago on April 18, could be used by an attacker to crash Firefox by feeding it malformed JavaScript code.
Microsoft’s Internet Explorer, which was just patched with 10 fixes two weeks ago, suffers from yet another zero-day vulnerability that can be exploited remotely, security firm Symantec said Monday.
In an alert to customers of its DeepSight threat system, Symantec cited a vulnerability first posted to the Bugtraq security mailing list by researcher Michal Zalewski, who notes that IE is prone to memory corruption because of the way it handles malformed HTML.
Microsoft on Tuesday stripped the “Preview” label from Internet Explorer Beta 2 to roll out the first version of its new browser that the company will support with regular security updates.
Windows XP and Windows Server 2003 users will also be the first to get their hands on the final IE 7 later this year; Microsoft plans to release their edition before Windows Vista, which includes its own version of IE 7, ships in November.
hunderbird 1.5.0.2 provides stability and security enhancements that are part of our ongoing program to provide a safer email experience for our users. We recommend that all Thunderbird users upgrade to this latest version.
Here’s what’s new in Thunderbird 1.5.0.2:
* Improvements to product stability.
* Several security fixes.
* 1.5.0.2 does not include Universal Binary support for Mac OS X. We hope to have this ready for 1.5.0.3.
