Firefox 3.6.14 Update Corrects 11 vulnerabilities
Summary:
· These vulnerabilities affect: Firefox 3.6 x and 3.5 x for Windows, Linux and Macintosh
· How an attacker exploits it: Typically by enticing one of your users to visit a malicious web page
· Impact: Various results; in the worst case, an attacker executes code on your user’s computer, gaining complete control of it
· What to do: Upgrade to Firefox 3.6.14 (or 3.4.17), or let Firefox’s automatic update do it for you
Solution Path:
Mozilla has released Firefox 3.6.14 and 3.5.17, to correct security vulnerabilities. If you use Firefox we recommend that you download and deploy version 3.6.14 as soon as possible. If for some reason you must remain with Firefox 3.5 x, make sure to upgrade to 3.5.17.
Note: The latest version of Firefox 3.6.x automatically informs you when a Firefox update is available. We highly recommend you keep this feature enabled so that Firefox receives its updates as soon as Mozilla releases them. To verify that you have Firefox configured to automatically check for updates, click Tools=> Options=>Advanced tab=>Update tab. Make sure that “Firefox” is checked under “Automatically check for updates.” In this menu, you can configure Firefox to always download and install any update, or if you prefer, only to inform the user that an update exists.
As an aside, attackers cannot leverage many of these vulnerabilities without JavaScript. Disabling JavaScript by default is a good way to prevent many web-based vulnerabilities. If you use Firefox, we recommend you also install the NoScript extension, which will disable JavaScript (and other active scripts) by default.
No comments:
Post a Comment