Both Mozilla and Microsoft posted patches to address flaws in the latest versions of Internet Explorer 7 and Firefox.
The Mozilla patch addresses some eight security flaws in versions 2 and 3 of the browser. Among the fixes are several vulnerabilities which could be targeted in cross-site scripting attacks, as well as one which could be exploited to remotely execute code.
Ironically, the update also brings with it a drop in security protection for some Firefox users. The 22.214.171.124 update signifies the end of security support for the browser.
Additionally, Mozilla will be shutting down anti-phishing protections for the Firefox 2 due the Google ending support for the browser's phishing site blacklist.
Mozilla is advising any users who haven't already upgraded to the latest version of the browser to do so.
Meanwhile, Microsoft issued an out-of-cycle update for Internet Explorer 7. The patch was first announced yesterday in response to a series of attacks in the wild on an unpatched flaw.
The update addresses a vulnerability in the way IE7 handles certain text files. If exploited, an attacker could use the flaw to remotely execute code on a targeted system.
The release comes just eight days after Microsoft issued its monthly patch for separate flaws in IE, Office and Windows.
IE7, Firefox get security fixes
By Shaun Nichols on Dec 18, 2008 2:51PM