Version 126.96.36.199 of the Firefox web browser has been released by the Mozilla organisation. The update closes a security hole that developers opened up when patching a previously identified bug. Apple has also released an update for Safari that fixes four security vulnerabilities in the browser for Windows and Mac OS X. Attackers were able to use crafted websites to install trojans that could spoof the address bar or execute cross-site scripting attacks.
Two of the vulnerabilities in Safari only affect the Windows version, the other two apparently affect both Mac OS X and Windows. Under Windows, file downloads with maliciously crafted names could crash the computer or allow injected program code to be executed. In addition, web sites could change the content of the address bar without loading the site indicated – the Apple developers had already remedied the flaw in Safari Beta 3.0.2, but it was apparently reinserted in 3.1
View: Full Article @ Heiss Online