November 2008 has seen a slew of vulnerabilities impacting every major browser on the market. Among them, Safari and Firefox are the most impacted:
- Safari 3.2 includes corrections for 11 vulnerabilities which can lead to code execution, denial of service or information disclosure. An anti-phishing filter and support for EV certificates have also been added in response to criticisms from PayPal.
- Firefox 3.0.4 fixes 9 vulnerabilities, 4 of them rated as critical. Impacts of these vulnerabilities include denial of service, code execution, privilege escalation and information theft. For users of Firefox 2, these fixes are included in the 2.0.0.18 version.
While other browsers were impacted by fewer vulnerabilities, updates were issued for:
- Internet Explorer: Microsoft has published a critical security advisory (MS08-069) concerning Microsoft XML Core Services which includes fixes for remote code execution and information disclosure vulnerabilities. This security update also forbids XMLHttpRequest objects from accessing HttpOnly cookies, to prevent or mitigate exploitation of an XSS vulnerability.
- Google Chrome has fixed a vulnerability which can be used to send local files to an external server. This fix is currently only available in the developer version.
- Opera release 9.62 fixes a remote code execution vulnerability.
If you feel unsafe using the browser on your computer and want more details on browser virtualization and web session partitioning, see www.commonit.com.
