The Mozilla Foundation has fixed a number of security bugs in its Firefox web browser, many of which will also be patched in upcoming releases of Mozilla’s Thunderbird e-mail client and Mozilla Internet software suite.
None of the bugs had been publicly divulged before Tuesday, and they are generally not considered to be critical, according to Chris Hofmann, director of engineering with The Mozilla Foundation.
“There are a collection of 10 reports that have come in over the past couple of months from security researchers,” he said. “Most of these involve quite a bit of user interaction to participate in the potential exploit.”
Still, the Foundation advises that all users upgrade to the new software, which also includes “stability” improvements, according to the Mozilla.org Web site.
The bugs are patched in version 1.0.5 of the Firefox browser. A Thunderbird update, also numbered 1.0.5 is expected Wednesday, Hofmann said. The patches will also be applied in version 1.7.9 of the Mozilla suite, which will be released sometime within the week, he said.
Oracle plans to combine two of its web services products to make it easier for developers to set security policies for applications built using its Oracle BPEL Process Manager software.
Because Oracle plans to combine the BPEL (Business Process Execution Language) tool with its Oracle Web Services Manager product, software developers will no longer have to spend as much time explicitly writing out security policies while using the BPEL Process Manager, said Prakash Ramamurthy, vice president of server technologies with Oracle. “We are providing a way for our customers to separate security from the applications developers,” he said. “The products now are aware of each other’s presence, so they will now be able to pass specific information to each other.”
Instead of purchasing a separate web services orchestration engine and security tool, customers will now be able to purchase a combined product, Ramamurthy said.
BPEL is a language based on XML (Extensible Markup Language) that gives developers a way of describing business processes as Web services. Developed by the Oasis Consortium, it expected to play an increasingly important role in online commerce.
Ramamurthy did not say when the combined product would be available or what it would cost.
News source: Techworld