The Mozilla Foundation and Opera Software ASA have released updates to their Web browsers to fix a series of security vulnerabilities.
Mozilla on Wednesday posted new versions of its Firefox browser, Thunderbird e-mail client and Mozilla suite that provide fixes to three issues. They include a newly reported critical vulnerability affecting multiple vendors’ software that uses the library for the Portable Networks Graphic (PNG) image format.
The other two issues, as previously reported, were related to the handling of security certificates in the Mozilla browsers that, among other things, could allow an attacker to lull users into a false sense of security on a site. Mozilla had said last week that fixes were forthcoming and decided to incorporate them in new versions of its browsers, said Chris Hofmann, the open-source group’s director of engineering. The new versions are Mozilla 1.7.2, Firefox 0.9.3 and Thunderbird 0.7.3.
Separately this week, Opera released a new version of its browser, Opera 7.54, to fix a set of security issues. They included a critical vulnerability reported in an advisory from GreyMagic Software that could allow an attacker to gain read-access to a user’s files and folders as well as to track browsing history and steal cookies.According to its version notes, Opera also fixed a reported spoofing issue that could allow page content to be loaded without the site URL changing, along with another URL vulnerability.
News Source eWeek