The Mac Security Blog
The Mozilla Foundation has released Firefox 10, the latest version of their web browser, which fixes eight vulnerabilities, six of which are rated critical. These include memory corruption issues, cross-scripting vulnerabilities and more. (See the Firefox security advisory.)
Firefox 10 also features some “powerful new developer tools,” for web designers, and a new system for checking add-on compatibility.
The Mozilla Foundation also released Firefox 3.6.26, with patches for five vulnerabilities, because some people are still using the two-year old version of the program for compatibility reasons.
Users can automatically update their copy of Firefox by launching it, choosing Firefox > About Firefox, and clicking Check for Updates. Alternatively, you can download a copy here, or, for version 3.6.26, here.
The Opera web browser has been updated to fix a high-risk cross-scripting vulnerability, as well as a low-risk JavaScript issue. Version 11.61 also improves stability. In addition, Opera has added an auto-update mechanism. When launching version 11.60, users see an upgrade notice, and a message indicates that, “You will never have to upgrade manually again, because the newest version of Opera contains an auto-update mechanism.”
Google has updated its Chrome web browser for three high-risk vulnerabilities, bringing the program to version number 16.0.912.77. Google’s release notes point out that one of the bugs, regarding Safe Browsing navigation, “was fixed in 16.0.912.75 but accidentally excluded from the release notes,” so this release actually mentions four vulnerabilities, but only actually fixes three of them.
The Chrome browser auto-updates on Mac OS X, so you don’t have to worry about downloading a new version.
It was only three weeks ago that Google updated their Chrome web browser for a number of security flaws. The company has released another update, addressing three high-risk issues, and incrementing the version number to 16.0.912.75. None of these issues are serious enough to lose sleep over, but sometimes even the smallest vulnerabilities can be exploited.
As always, Chrome will update itself, so no need to worry about downloading anything on your own. Full information about the security fixes in the update is available here.
The Mozilla Foundation has released Firefox 9 (it seems like just a few months age we were using Firefox 4…), and, with it, has fixed several memory safety bugs in the browser engine and in other programs, such as Thunderbird and SeaMonkey. These vulnerabilities were not critical, but, as the Mozilla Foundation’s security advisory says, “we presume that with enough effort at least some of these could be exploited to run arbitrary code.”
The Mozilla Foundation also released Firefox 3.6.25, with a single fix related to Java .jar files. This version of Firefox, for older versions of Mac OS X, is not seeing any more updates.
As usual, you can download a copy of Firefox, or launch your current copy and have it automatically update.
Google has released an update to the company’s Chrome web browser, moving it to version 16.0.912.63, patching 15 vulnerabilities along the way. Some of these are rated “high” risk, but none are serious enough to cause users to worry. As always, the Chrome browser updates automatically, even if it’s not running. When we just checked in our Applications folder, we found that the version number of the Chrome application matched this new version.