The software giantas part of its monthly Patch Tuesday cycle of bulletins.
In addition, Microsoft delivered two bulletins for "critical" Windows flaws, one for an "important" vulnerability in Outlook Express and one for a "moderate" bug in a component of FrontPage and SharePoint. Eight of the 10 vulnerabilities repaired by the IE update could be abused to gain complete control over a Windows computer running vulnerable versions of the Web browser. In all instances, an attacker would have to create a malicious Web site and trick people into visiting that site to hook into a PC.
Mozilla, releasing an update to its Firefox Web browser that fixes several security flaws and, as expected, adds support for Macs with Intel processors. The most serious bugs in Firefox could allow an outsider to commandeer a vulnerable computer, according to the Burning Edge, a Web site that tracks development of the open-source browser.
The vulnerabilities are fixed in version 184.108.40.206, which was released on Thursday.
Meanwhile, Oracleit has yet to patch. The business software giant is usually secretive about security and critical of researchers who publicly discuss flaws in Oracle products. But on April 6, the company itself published a note on its MetaLink customer Web site with details about an unfixed flaw.
Oracle confirmed the accidental posting. "Information regarding a security vulnerability was inadvertently posted to MetaLink," a representative for the company said. "We are currently investigating events that led to the posting."