If it isn’t the add-ons it’s the Mother Ship – Firefox down
Having banged on about patching Java and Adobe add-ons over the past year (you’re all up to date now, right?), and this seemingly being the end of the holiday season for hackers, bloggers and reporters, we were at a bit of a loose end for this week’s missive.
Sneaking wireless keyboard/video and mouse units onto the back of high street bank terminals isn’t really our bag, although it does highlight the importance of physical security appropriate to the asset value – if we ran a bank we would use hardware certificates or two-factor authentication throughout, let alone on publicly accessible areas.
Step forward Mozilla!
This week Mozilla released Firefox 24.0 (and SeaMonkey and Thunderbird 24.0). As well as improving performance and adding new features to (possibly) your favourite browser, this release fixes 17 vulnerabilities, of which 7 are critical.
Yes, you read that right – 7 critical vulnerabilities, which could be exploited remotely by code on a web server to compromise your environment.
If your desktop team have finished patching Microsoft, Adobe, Java and the rest, you should really put some work into looking at this new Firefox release. Obviously all of your apps that use a browser will need testing thoroughly, as well as your customer-facing web apps, so this is no stroll in the park.
In the meantime, we recommend that you work with your security, intrusion prevention and anti-virus providers to see if they offer any mitigation to this serious situation.
At ITC we will be doing just that with our NetSure360° managed security platform, as well as using our network access systems (based on Forescout technology) to identify vulnerable Firefox instances.
If you would like to discuss this endless battle with someone who cares and understands, call us before The Samaritans on 020 7517 3900 or email [email protected]