April 14, 2006 10:00 AM PDT

This week in software flaws

Microsoft released a "critical" Internet Explorer update that fixes 10 vulnerabilities in the Web browser, including a high-profile bug that is already being used in cyberattacks.

The software giant sent out the IE megafix as part of its monthly Patch Tuesday cycle of bulletins.

In addition, Microsoft delivered two bulletins for "critical" Windows flaws, one for an "important" vulnerability in Outlook Express and one for a "moderate" bug in a component of FrontPage and SharePoint. Eight of the 10 vulnerabilities repaired by the IE update could be abused to gain complete control over a Windows computer running vulnerable versions of the Web browser. In all instances, an attacker would have to create a malicious Web site and trick people into visiting that site to hook into a PC.

Mozilla also made some revisions, releasing an update to its Firefox Web browser that fixes several security flaws and, as expected, adds support for Macs with Intel processors. The most serious bugs in Firefox could allow an outsider to commandeer a vulnerable computer, according to the Burning Edge, a Web site that tracks development of the open-source browser.

The vulnerabilities are fixed in version 1.5.0.2, which was released on Thursday.

Meanwhile, Oracle accidentally let slip details on a security flaw it has yet to patch. The business software giant is usually secretive about security and critical of researchers who publicly discuss flaws in Oracle products. But on April 6, the company itself published a note on its MetaLink customer Web site with details about an unfixed flaw.

Oracle confirmed the accidental posting. "Information regarding a security vulnerability was inadvertently posted to MetaLink," a representative for the company said. "We are currently investigating events that led to the posting."
