Bugs & Fixes: Security Fixes for All Major Browsers

Essential patches popped up for all the big browsers. Plus: Excel and Moviemaker updates, and watch out for F1.

By Erik Larkin, PC World |  Internet, Chrome, Firefox

Whatever you use to surf the Web needs a fix. Developers of all five major browsers--Chrome, Firefox, Internet Explorer, Safari, and Opera--recently released important security patches.

To head off a growing number of attacks against a publicly known security bug, Microsoft took the unusual step of releasing IE's fix outside its usual Patch Tuesday monthly update cycle. The cumulative IE patch closes a total of ten bugs, the most significant of which let bad guys to invade a PC via IE 6 or IE 7 using a malicious Web page. Attacks against the flaw started out small-scale, but became more prevalent within a few weeks.

While IE 8 wasn't affected by this flaw, it needed several other fixes present in the cumulative patch. Whatever your combination of Windows and IE, odds are the patch is rated critical for you, since only Windows Server 2003 with IE 6 or IE 8, and Windows Server 2008 with IE 8, get anything less than a critical rating. Pick up the fix via Windows Update, and for more details see Microsoft's security bulletin.

Unfixed IE Flaw

But IE users on Windows 2000 and XP can't let their guard down even after installing the fix. Another vulnerability that allows a specially crafted site to use VBScript to get to unsafe Windows Help files through Internet Explorer remains unfixed. But there's a warning sign: An attack would have to display a dialog box that asks you to press the F1 key. If you don't hit F1, the attack won't trigger.

Windows Server 2003 is also affected, but Windows 7, Vista, and Server 2008 are not. Techie users comfortable with the Windows command line can apply a workaround to "lock down the legacy Windows Help system." Get the instructions.

Last Gasp for Firefox 3.0

Mozilla pushed out patches for the Firefox 3.0, 3.5, and 3.6 browsers. If you're still using 3.0, take special note: The 3.0.19 update will be the last. To avoid getting stuck with an out-of-date (and therefore unsafe) browser, head to firefox.com to pick up version 3.6. The 3.0.19 update closes five critical security flaws. All but one of the flaws involves JavaScript (the last flaw can crash the browser engine), and all of them could potentially be hit to "run arbitrary code" (security-speak for "the bad guy can do anything he wants").

Originally published on PC World |  Click here to read the original story.
Join us:






Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Ask a Question