Earlier last week Mozilla made available an unscheduled security update for Firefox bringing it to version 41.0.2 to address a high severity CVE (defined).
This security issue was reported to Mozilla by 2 security researchers.
The issue involves violating the Cross Origin Resource Sharing (CORS) mechanism policy of a web browser which allows a web application in one domain e.g. example.com to access resources within another domain e.g. example2.com. This is accomplished by CORS since it provides a secure means of allowing the source/origin domain to call APIs (Application Programming Interface)(see Aside below for a definition) in another domain. Firefox did not correctly implement the fetch() API which would allow a specifically crafted webpage access to data that it would not usually be able to.
Further details of this update (and the issue it addresses) are available here. If Firefox is installed on any computer that you use, please install the appropriate update as soon as possible. Details of how to install updates for Firefox are here.
Mozilla Firefox updates generally install without issues, however as always I would recommend backing up the data on any device for which you are installing updates in order to prevent data loss in the rare event that any update causes unexpected issues.
What is an Application Programming Interface (API)?
An application programming interface is a structured way of accessing extensive pre-built functions (defined, please see the Aside within that post) available within a programming language e.g. C, C++, Java etc. They allow a programmer to accomplish a desired task without having to write the code themselves to do so. They can use (call) a function from the language’s API to carry out their desired task.
An API is usually a large list of functions which details what a function does and how to make use of (call) it. This includes the types of parameters that you may need to provide to that function for it to carry out a task for you (some functions need parameters, some don’t). Further background information on API’s is available here.
An example of an API function provided by C is printf() We will use this function below to print “Hello World” onto our screen in the following example program. The link to printf() provided above is to the API for this function. We are providing a parameter to the function in the form of the text that we wish to print to the screen and we include a new line character to start a new line at the end of the text (since by convention all strings (sequences of characters) should be null (\n) terminated).
/*Declare the necessary string library (stdio.h) for the function that we will call. Please ensure to use the correct placeholder brackets on each side of stdio.h, namely <> I can't insert these directly into this post due to how WordPress interprets code*/
int main(argc, char *argv)
return 0; /*Since our main function is declared as above it must return an integer value. We will return 0 for simplicity.*/