Firefox, SeaMonkey Plug-in Woes

Thursday, October 6, 2011 @ 03:10 PM gHale


A major incompatibility between Mozilla’s browsers Firefox and SeaMonkey, and McAfee’s ScriptScan plug-in has caused “a high volume of crashes”, Mozilla officials said.

The problem first came to light in September, when members of the McAfee forum started reporting problems with version 14.4.0 of ScriptScan, a tool which checks web pages, as they load into the browser, for malicious code. This is the first time since July Mozilla found it necessary to block a plug-in.

RELATED STORIES
Malware Hits IE, then Attacks Firefox
New APT Attacks Hit Russia
Iran Creating Counter to Stuxnet
Malware Changes, Systems Need to, Also

Mozilla recommends ScriptScan users disable the browser plug-in.

The issue only affects version 7 of the browsers according to Francie Coulter, a McAfee spokesperson who added “McAfee has identified the cause and is working actively with the Firefox team to resolve this issue and expects to roll out an update shortly.”

Firefox has had other issues of late as Mozilla patched 11 vulnerabilities in the desktop edition of Firefox as it upgraded the browser to version 7.

Firefox 7 patched 11 security vulnerabilities, 10 of which were rated “critical,” the company’s most serious threat rating; the sole exception was “moderate.”

Because Mozilla now bundles security patches almost exclusively with each version upgrade, users stuck on Firefox 6 or earlier must update to quash the bugs.

Two of the critical vulnerabilities patched were in Firefox’s implementation of WebGL, a 3-D rendering standard Firefox and Google’s Chrome comply with. One of the pair came to Mozilla by a researcher with Context Information Security, a company that has cited serious security issues with WebGL.

The other came from a member of Google’s security team.

Firefox has received several patches specific to WebGL since Context recommended users and administrators disable the standard in Mozilla’s browser and in Chrome.



Leave a Reply

You must be logged in to post a comment.