April 14, 2006 10:00 AM PDT
This week in software flaws
The software giant sent out the IE megafix as part of its monthly Patch Tuesday cycle of bulletins.
In addition, Microsoft delivered two bulletins for "critical" Windows flaws, one for an "important" vulnerability in Outlook Express and one for a "moderate" bug in a component of FrontPage and SharePoint. Eight of the 10 vulnerabilities repaired by the IE update could be abused to gain complete control over a Windows computer running vulnerable versions of the Web browser. In all instances, an attacker would have to create a malicious Web site and trick people into visiting that site to hook into a PC.
Mozilla also made some revisions, releasing an update to its Firefox Web browser that fixes several security flaws and, as expected, adds support for Macs with Intel processors. The most serious bugs in Firefox could allow an outsider to commandeer a vulnerable computer, according to the Burning Edge, a Web site that tracks development of the open-source browser.
The vulnerabilities are fixed in version 22.214.171.124, which was released on Thursday.
Meanwhile, Oracle accidentally let slip details on a security flaw it has yet to patch. The business software giant is usually secretive about security and critical of researchers who publicly discuss flaws in Oracle products. But on April 6, the company itself published a note on its MetaLink customer Web site with details about an unfixed flaw.
Oracle confirmed the accidental posting. "Information regarding a security vulnerability was inadvertently posted to MetaLink," a representative for the company said. "We are currently investigating events that led to the posting."