The Mozilla foundation just released the popular web browser Firefox in version 3.6.9. The new version fixes overall 14 security vulnerabilities of which 10 are rated critical by the developers. Additionally, they added a new feature called “X-FRAME-OPTIONS“-header which shall help mitigating clickjacking attacks as web site owners can ensure with this header that their content isn’t inserted into other sites via frames. The update is available through the automatic update mechanism ( via the “Help” – “Search for updates” menu).
The developers at Google already published version 6 of their web browser last week. The release also closes 14 security holes, of which 7 get the “high” rating concerning their impact. The update should be completely automatic and in the background, however, on some Windows XP systems the users need to choose the “settings” icon on the right side of the address bar and choose “About Google Chrome”, where they then are offered to install the new release. A nice feature security-wise is the now integrated basic PDF reader. It can be activated by typing “about:plugins” into the address bar. This should help mitigate attacks on outdated versions of PDF readers on the computer. Just since today, a minor update to version 126.96.36.199 is available; it fixes minor issues with autocomplete, setting as default browser and importing data from other browsers.
And now even Apple has released an update for its web browser Safari for Mac OS X and Windows – version 5.0.2 and 4.1.2. It fixes 3 critical security vulnerabilities which allow for malicious code execution – 2 for Mac OS X and Windows and 1 just affecting Safari under the Windows operating systems. The update is available through the automatic updater or can be downloaded manually from Apples download web site.
As the new browser versions deal with so many critical security vulnerabilities, users and administrators should install them as soon as possible!