Mozilla released a patch for Firefox

Mozilla plans to release a patch for the Fire Browser browser next week to block a security hole that has "stuck" for a long time inside the software.

The update 2.0.0.10 is still being checked for the last time and "will be released to the public after Thanksgiving in the US", said Mozilla representative. " We want to wait a few more days to make sure the update is complete and clean ."

Currently, Mozilla is calling the Firefox community to check and run the browser on Friday - the "Quality Verification" date.

The security breach was discovered for the first time in February, but it wasn't until early this month that it attracted widespread attention when researcher Petko Petkov published it on his personal blog. He pointed out how to exploit the vulnerability to attack cross-site scripting against Firefox.

Source: Mozilla " This vulnerability comes from the fact that Firefox does not check the compressed files using the .jar (Java Archive) format. An attacker can insert malicious code into the .jar document and trick the victim. activated ".

A few days after Petkov announced his discovery, another expert nicknamed Bedford demonstrated how to exploit this vulnerability to attack Google users, access the victim's Gmail account and scour the calendar. search on any Google website.

" The attacker can go anywhere in Google, do whatever he wants with your profile ," Petkov warned.

Although both Petkov's and Bedford's vulnerabilities are related to how Firefox handles .jar files, Mozilla still sees these as two separate issues and will fix them in the patch next week.

Trong Cam