Coverity’s David Maxwell on Quality Issues in Open Source Software

Open source software just keeps getting better, according to a new report from Coverity, a San Francisco-based maker of source code analysis tools. Specifically, Coverity's Scan Report on Open Source Software 2008, released last month, found a 16 percent reduction in static analysis defect density in the open source software it analyzed over the past two years, reflecting the elimination of more than 8,500 individual defects. The study is part of the Department of Homeland Security's Open Source Code Hardening Project.

Security Wonks Reveal Holes in Firefox Straight Out of the Gate

As Mozilla went after a Guinness World Record for the most downloads in a 24-hour period with its release of Firefox 3, it didn't take security researchers long to drop a bomb on all the browsing fun. TippingPoint's DVLabs reported that its Zero Day Initiative program received a critical vulnerability affecting Firefox 3.0 as well as prior versions of Firefox 2.0.x. Are 8 million newly minted Firefox 3 surfers taking to the Web with a broken browser? Broken, of course, is just a fancy alliteration. In reality, DVLabs and Mozilla are both keeping the details under wraps.

Catch That Memory Bug Before It Catches You

Memory bugs, essentially mistakes in the management of heap memory, are caused by a number of factors and can occur in any program that is being written, enhanced or maintained. The fact that memory bugs can be introduced at any time is part of what makes memory debugging a challenging task. This is especially true of code that is written collaboratively or maintained over a long period of time, where assumptions about memory management can either change or not be communicated clearly.

Mozilla Dispatches Firefox Bug Zapper

Mozilla released an update Thursday that corrects several vulnerabilities in the Firefox Web browser. Firefox 2.0.0.12 patches critical flaws that could result in Web browsing history and forward navigation stealing; privilege escalation that could allow cross-site scripting exploits; and crashes with evidence of memory corruption. The Firefox updates round out a busy week of critical patches -- Adobe Reader, QuickTime and Skype also reported bugs, said Mike Haro, a senior security analyst at Sophos.

Coverity Certifies 11 Open Source Bug Hunters

San Francisco-based security firm Coverity has been working with support from the U.S. Department of Homeland Security and with Stanford University to find flaws in open source software, and it looks like they've found plenty. Since March 2006, an online Coverity software scanning site has analyzed 50 million lines of software in more than 250 projects, which ultimately led to 7,500 software defect fixes, 6,000 of which occurred in the first year. The scanning comes courtesy of a DHS grant that's part of the federal government's Open Source Hardening Project.