Mozilla fixes Firefox holes, curtails clickjacking

Mozilla released two new versions of its browser on Tuesday, Firefox 3.6.9 and Firefox 3.5.12, to close 10 critical security vulnerabilities in each and to help Web site operators block a risk called clickjacking.

Critical vulnerabilities can let a remote attacker run arbitrary code on a computer. With Web browsers becoming both more important and more powerful, browser makers must constantly watch for new attack possibilities.

Firefox 3.6 also gets a new general approach to cut down browsing risks: support for what's called the X-Frame-Options HTTP response header. Web site developers can use this technology to block browsers from showing their Web sites inside a frame - essentially a smaller window within the browser window. Putting a legitimate site inside a frame on a malicious site is one approach for attacks called clickjacking, in which the malicious site can capture keystrokes such as usernames and passwords.

For the new versions of Firefox 3.5 and 3.6, 9 of the 10 critical vulnerabilities are the same, but one problem on 3.5 is minor on 3.6, and one 3.6 problem didn't affect 3.5. In addition, several noncritical security vulnerabilities were patched. Full details are available on the security pages for 3.6.9 and 3.5.12.

Read more -here-

• YouTube's crackdown on adblockers makes videos unwatchable
• ICQ, one of the oldest instant messengers, is shutting down
• Amazon’s Project Kuiper begins to deorbit prototype broadband satellites
• Microsoft suffering from outage - Bing, Copilot, and DuckDuckGo inaccessible for several hours
• T-Mobile is raising prices on several of its plans
• SpaceX gets FCC License to use V4 Starlink dish for vehicles