The Firefox Web browser has apparently come of age, so to
speak. The latest security advisory from Secunia lists a whopping 21
vulnerabilities, and Mozilla has released a new
version of the browser.
Details
A slew of vulnerabilities has surfaced in the Mozilla
Firefox browser, affecting versions 0.x and 1.x. The threats involve multiple
critical cross-site scripting and phishing-related vulnerabilities, among
others.
Secunia lists the following threats in Security Advisory 19631, “Firefox
Multiple Vulnerabilities”: CVE-2006-0748,
CVE-2006-0749, CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, CVE-2006-1723, CVE-2006-1724, CVE-2006-1725, CVE-2006-1726, CVE-2006-1727, CVE-2006-1728, CVE-2006-1729, CVE-2006-1730, CVE-2006-1731, CVE-2006-1732, CVE-2006-1733, CVE-2006-1734, CVE-2006-1735, CVE-2006-1736, CVE-2006-1737, CVE-2006-1738, CVE-2006-1739, CVE-2006-1740, CVE-2006-1741, CVE-2006-1742, and CVE-2006-1790.
The worst of these vulnerabilities would permit the
execution of arbitrary code on the victim’s machine.
Applicability
These vulnerabilities affect all older versions of Firefox,
beginning with version 1.5.
Risk level
Secunia has rated this group of vulnerabilities as highly
critical.
Fix
The only real way to
address this daunting array of threats is to upgrade to Firefox version 1.0.8 or 1.5.0.2,
depending on your product track.
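As an added example (not part of the original column), the following Python audit classifies reported Firefox version strings against the two fixed releases named above, one per product track. The host names and inventory lines are constructed sample data, and the function names are illustrative.

```python
import re

# Fixed releases named in the column, keyed by product track (major, minor).
FIXED = {(1, 0): (1, 0, 8, 0), (1, 5): (1, 5, 0, 2)}

def parse_version(text):
    """Extract a dotted version from text such as 'Mozilla Firefox 1.5.0.1'."""
    m = re.search(r"\d+(?:\.\d+)+", text)
    return tuple(int(p) for p in m.group(0).split(".")) if m else None

def assess(text):
    """Classify one reported version string against the fixed releases."""
    v = parse_version(text)
    if v is None:
        return "unknown"
    if v[0] == 0:
        # The column lists 0.x as affected but names no fixed 0.x release.
        return "vulnerable, move to 1.0.8 or 1.5.0.2"
    fixed = FIXED.get(v[:2])
    if fixed is None:
        return "track not covered by the column"
    padded = v + (0,) * (4 - len(v))  # so "1.5" compares as 1.5.0.0
    return "patched" if padded >= fixed else "vulnerable"

def audit(inventory):
    """Map each host to its status; inventory holds (host, version string) pairs."""
    return {host: assess(reported) for host, reported in inventory}

# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE = [
    ("ws-01", "Mozilla Firefox 1.0.7"),
    ("ws-02", "Mozilla Firefox 1.0.8"),
    ("ws-03", "Mozilla Firefox 1.5"),
    ("ws-04", "Mozilla Firefox 1.5.0.2"),
    ("ws-05", "Firefox 0.9.3"),
    ("ws-06", "version not reported"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```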
Final word
If you’re a Firefox user, you need the upgrade. If you’re not
a Firefox user, don’t let this recent spate of vulnerabilities intimidate you.
The latest version of the browser is far more than a
vulnerability patch, and I suggest you check out the features it includes.
While I’m not that enthusiastic about the new automatic update tool feature because
of security reasons, many users will like it because it lets Firefox
automatically make small background updates to the product.
And don’t forget about extensions. There are currently more
than 1,400 available add-ons and scores of really neat extensions. For more
information, check out the Firefox Add-ons Web page,
which is itself in beta.
Also watch for…
- If you’re wondering just how much more secure military systems are than the ones in your office, you need only check out the latest BBC reports about the thriving business in flash cards and USB drives in Afghanistan. An apparent security breach at the U.S. Air Force base in Bagram has resulted in the appearance of these devices at the local bazaar—complete with whatever data they contain, a boon for reporters and terrorists alike.
- Apple has released an update for Java 2 Standard Edition 5.0 Release 4, which eliminates the Mac OS X 10.4.5 workstation and server vulnerabilities that let attackers access vulnerable systems.
- Oracle shops should be aware that the quarterly updates are now available. The current update includes fixes for 14 vulnerabilities.
John McCormick is a
security consultant and well-known author in the field of IT, with more than
17,000 published articles. He has written the IT Locksmith column for
TechRepublic for more than four years.