Most of the attention has been going to Microsoft and its Internet Explorer web browser for having a severe zero-day security hole fixed, but Microsoft wasn’t the only one hastily fixing its browser. Both Mozilla as well as Opera had to issue quick patches to fix several security flaws in their browsers.
The patches rushed out by Mozilla fix several severe security holes in Firefox 2.x and 3.x. These holes allowed crackers to run malicious code and install software on your machine without any user intervention, according to Mozilla. In addition, Firefox 18.104.22.168 will be the last release in the Firefox 2.x series, so Mozilla urges everyone to update to 3.x. The foundation’s phishing protection service is no longer available for Firefox 2.x users.
Opera also announced an update to its browser that fixes 7 severe security holes affecting all platforms. “The update fixes seven security bugs, some of which were previously known. Version 9.63 of the browser addresses separate code injection risks stemming from flaws in HTML parsing and text inputing, respectively. A critical bug with similar arbitrary code injection risks involving the handling of long host names in files has also been patched. The latest version of the software also lances a cross-site scripting flaw, involving XSLT templates, as well as bugs in feed preview.”
Most of the attention went to Microsoft however, who released a patch for a zero-day vulnerability in Internet Explorer 7 and previous versions. “The vulnerability could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.” The update is being pushed via Windows Update.
So, whatever browser you’re running, chances are you’re going to need to update this week. Enjoy.