Browser Flaws

Microsoft adds workaround for Internet Explorer bug

Dan Kaplan March 15, 2010

Microsoft is now offering an automated workaround to mitigate the Internet Explorer (IE) vulnerability it announced last week. The "Fix It" solution mitigates the bug "by disabling the peer factory class through the modification of a registry key," according to a Friday blog post. The flaw currently is being exploited in targeted attacks, the company said. The issue does not affect Microsoft's newest browser, IE 8. Even with the new workaround, Microsoft may release an out-of-band patch because its next scheduled security update is not due until April 13. — DK
 

Apple issues Safari 4.0.5 to fix 16 vulnerabilities

Angela Moscaritolo March 12, 2010

Apple has pushed out the latest version of Safari -- its first update to the web browser since November -- to close 16 holes.
 

Microsoft offers two fixes, but reveals a zero-day bug

Dan Kaplan March 09, 2010

Microsoft fixed eight vulnerabilities with two patches on Tuesday, but it also disclosed a new, zero-day Internet Explorer flaw that is being leveraged in active attacks.
 

Firefox issues 3.5.8 to address security issues

Angela Moscaritolo February 19, 2010

Mozilla this week updated two versions of its Firefox web browser to fix several security issues that could allow an attacker to execute arbitrary code or bypass security restrictions, according to the company's security advisories. Firefox versions 3.0.18 and 3.5.8 remediate three flaws that were rated "critical" and two rated "moderate" by Mozilla. The newest version of the browser, Firefox 3.6, is not affected. — AM
 

Microsoft responds to Black Hat talk with IE bug advisory

Dan Kaplan February 03, 2010

An Internet Explorer vulnerability revealed at this week's Black Hat conference in Washington, D.C. prompted Microsoft to issue an advisory on the issue.
 

Google to offer up to $1,337 for bug finds in Chromium

Dan Kaplan January 29, 2010

Google joins Mozilla by forming a bounty program for vulnerability discoveries in its web browser.
 

Chrome 4.0 released to address several flaws

Angela Moscaritolo January 26, 2010

Chrome 4.0.249.78 for Windows addresses 13 vulnerabilities, six of which are rated "high" in severity, according to Google's release notes.
 

Microsoft patches Internet Explorer hole used in spying

Dan Kaplan January 21, 2010

A "critical" Internet Explorer vulnerability, used as part of a mix of malware designed to steal sensitive intellectual property from major U.S. companies, was fixed on Thursday.
 

Microsoft to issue early patch for Internet Explorer flaw

Dan Kaplan January 19, 2010

A dangerous, zero-day vulnerability in Internet Explorer is getting an early fix, Microsoft announced Tuesday.
 

Mozilla closes critical bugs with Firefox 3.5.6

Angela Moscaritolo December 16, 2009

An updated version of Firefox closes a number of "critical" flaws, which could allow an attacker to crash a victim's browser or run arbitrary code.
 

Microsoft patch batch includes fix for zero-day IE flaw

Dan Kaplan December 08, 2009

Microsoft on Tuesday delivered six patches as part of its monthly security update, but only one -- addressing five flaws in Internet Explorer -- requires immediate deployment, experts said.
 

Microsoft slates six fixes for year's final Patch Tuesday

Dan Kaplan December 03, 2009

Microsoft's planned patches for Tuesday include a fix for a null pointer reference vulnerability in Internet Explorer, for which proof-of-concept code has been published.
 

Microsoft affirms vulnerability affecting Internet Explorer

Dan Kaplan November 24, 2009

Microsoft engineers are prepping a fix for a zero-day Internet Explorer version 6 and 7 flaw, while users are encouraged to apply workarounds as they await a patch.
 

Opera 10.10 released

Angela Moscaritolo November 23, 2009

Opera Software on Monday issued Opera 10.10 (Opera Unite), which fixes an "extremely severe" heap buffer overflow vulnerability that could cause the browser to freeze or terminate or lead to a crash that could be used to execute code, Opera said. The updated browser also fixes a separate "highly severe" issue with scripting error messages that could allow cross-site scripting, as well as a "moderately severe" issue, of which details will be disclosed at a later date. — AM
 

Apple releases update to Safari to close seven holes

Dan Kaplan November 12, 2009

Apple's latest Safari update, the sixth of the year, includes fixes for seven vulnerabilities.
 

Updated Mozilla Firefox browser corrects 16 flaws

Dan Kaplan October 28, 2009

Firefox 3.5.4 contains fixes for 16 security flaws.
 

Microsoft Patch Tuesday bonanza: 13 fixes for 34 flaws

Dan Kaplan October 13, 2009

Microsoft on Tuesday released a record number of security fixes to remediate a number of dangerous issues, including two previously known vulnerabilities and several bugs in Windows 7.
 

Chrome 3.0 released

Angela Moscaritolo September 16, 2009

Google on Tuesday issued a new version of its browser, Chrome 3.0. The release, which comes on the heels of the browser's first birthday, fixes two security vulnerabilities. The bugs, one classified as "high" severity and the other as "medium," could enable an attacker to inject JavaScript into a website. Google promised more information about the bugs once a majority of users are up to date. For users with previous versions installed, the update will be pushed out automatically. — AM
 

Firefox updated for security flaws

Chuck Miller September 10, 2009

The Firefox browser has been updated for four security flaws, three of which were rated as "critical."
 

Chrome updated

Dan Kaplan August 26, 2009

Google on Tuesday plugged three vulnerabilities in Chrome version 2. One of the vulnerabilities, which was ironically discovered by competing browser manufacturer Mozilla and could enable malicious JavaScript to read unauthorized memory, received a severity level of "high." If exploited, an attacker could run arbitrary code inside the Chrome sandbox, a browser feature that runs applications in restricted environments. The updated Chrome version also fixes a high-severity XML vulnerability, and prevents the browser from reaching SSL sites signed with weaker MD2 and MD4 hashing algorithms. — DK
 

For fourth month in a row, Safari updated

Dan Kaplan August 12, 2009

The release of Safari 4.0.3 - the fifth browser update of the year from Apple - fixes six vulnerabilities.
 

New Firefox URL bug

Dan Kaplan July 31, 2009

Mozilla is working on a fix for a new URL spoofing vulnerability, announced this week, that can result in a phishing exploit. The flaw, which affects all versions of the Firefox browser, can be taken advantage of if a user visits a website hosting malicious code that automatically prompts a window or tab containing a bogus URL to open, according to an advisory. A user, unable to tell if the URL is authentic because it has been manipulated to appear legitimate, may disclose personal information to the malicious site. Mozilla recommends users only share data with trusted websites. — DK
 

Browser SSL warnings shown to be ineffective

Angela Moscaritolo July 28, 2009

New research shows that Secure Socket Layer warnings, used in web browsers to indicate a problem with a web page's certificate or the potential for a man-in-the-middle attack, are ineffective.
 

Mozilla denies reports of new Firefox exploit

Dan Kaplan July 20, 2009

Mozilla is downplaying the severity of a purported threat to its recently updated Firefox web browser.
 

Firefox releases update to fix severe vulnerability

Dan Kaplan July 17, 2009

Firefox has fixed a zero-day JavaScript bug -- which was being exploited in the wild -- that could have resulted in malware infection.
 

Security bug found in latest Firefox version

Chuck Miller July 14, 2009

An unpatched vulnerability in the newest version of Firefox could enable a hacker to remotely run arbitrary code on users' machines.
 

Google patches Chrome

Dan Kaplan June 23, 2009

Google has plugged a hole in its Chrome browser to fix an issue that could have enabled an attacker to cause a browser crash and execute arbitrary code, according to a company blog post. Version 2.0.172.33, released Monday, is patched for the buffer overflow vulnerability, rated "critical" by Google and discovered internally. Chrome automatically updates itself and requires no user action. It has about a six percent share in the browser market. — DK
 

Mozilla releases security fixes for Firefox

Chuck Miller June 12, 2009

The Firefox web browser has been patched for security flaws, four of which were identified as "critical" by Mozilla.
 

Google updates Chrome security; withdraws crashing development browser

Chuck Miller June 11, 2009

Google Chrome was updated Wednesday to fix security issues in the WebKit web browser engine. Meanwhile, Google withdrew updates for a development Chrome version soon after release.
 

New Safari 4.0 fixes more than 50 vulnerabilities

Angela Moscaritolo June 09, 2009

Apple on Monday released web browser Safari 4.0, which contains fixes for more than 50 vulnerabilities.