Firefox 27 is out - Tuesday's second non-Patch-Tuesday update

Even though yesterday wasn't a Patch Tuesday, we ended up with two major browser-related updates: an unscheduled Adobe Flash patch, and an update from Firefox 26 to Firefox 27.

Adobe's update came early when the company became aware of a vulnerability that was already being exploited (a so-called zero day).

Firefox's update is an as-expected release, but it nevertheless closes the door on a number of so-far unexploited vulnerabilities.

Security holes patched proactively in this way can never be zero days, at least in theory, but if you don't apply security fixes promptly when they become available, you run the risk of being hit by what might as well be a zero day: a working exploit that appeared before you had closed the hole.

Being Firefox's first update of 2014, its related Mozilla Foundation Security Advisories are conveniently numbered from MFSA 2014-01 to MFSA 2014-13, including four rated as Critical.

Those are the bugs that might have led to remote code execution, without any user interaction, if left unpatched:

Advisory ID     Possibly exploitable problem addressed
MFSA 2014-01    Various memory management flaws
MFSA 2014-04    Buggy processing of images
MFSA 2014-08    More buggy processing of images
MFSA 2014-11    Crash in asm.js processing

Asm.js is Mozilla's new and specially-defined speedy subset of JavaScript that is suitable for true compilation straight to machine code, thus skipping the slower use of the JavaScript interpreter.

(The security hole wasn't a flaw in the asm.js concept itself, but rather a flaw in managing asm.js code objects.)

Mozilla has also updated its Extended Support Release (ESR) versions, applying the security patches but not the numerous new product features and non-security-related changes that went into the "spearhead" version 27.

Many organisations choose the ESR flavour of Firefox because its more conservative change schedule means sysadmins don't have to take on possibly disruptive changes in browser functionality (or website behaviour) just to stay on top of security patches.

Firefox ESR moves to version 24.3.0.

Grab the relevant version today if your browser isn't set up to do the grabbing for you...
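
For sysadmins who want to confirm which machines still need the update, here is an added example (not part of the original article) that classifies reported Firefox versions against the two fixed versions named above, 27 and ESR 24.3.0. The inventory format and hostnames are constructed, and treating any 24.x build as the ESR branch is an assumption.

```python
import re

# Fixed versions as stated in the article.
FIXED_RELEASE = (27, 0, 0)   # Firefox 27
FIXED_ESR = (24, 3, 0)       # Firefox ESR 24.3.0
ESR_MAJOR = 24               # assumption: a 24.x build is on the ESR branch

_VERSION = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """Return (major, minor, patch) from a version string, or None."""
    m = _VERSION.search(text)
    if not m:
        return None
    return tuple(int(p or 0) for p in m.groups())


def classify(text):
    """Return 'patched', 'unpatched' or 'unknown' for one reported version."""
    v = parse_version(text)
    if v is None:
        return "unknown"          # no parsable version: needs a manual look
    if v[0] == ESR_MAJOR:
        return "patched" if v >= FIXED_ESR else "unpatched"
    return "patched" if v >= FIXED_RELEASE else "unpatched"


def audit(inventory):
    """Map each host in the inventory to its patch status."""
    return {host: classify(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hostnames and version strings are made up).
SAMPLE = {
    "ws-01": "Mozilla Firefox 27.0",
    "ws-02": "Mozilla Firefox 26.0",
    "ws-03": "Mozilla Firefox 24.3.0",
    "ws-04": "Mozilla Firefox 24.2.0",
    "ws-05": "Mozilla Firefox 17.0.11",
    "ws-06": "not installed",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host}: {status}")
```
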
