We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Security flaws fixed in Firefox update

Eight highly critical patches available

Mozilla has released a version of its Firefox browser containing critical security updates. Version 1.5.0.1 of the browser, released on Wednesday, also contains a number of 'stability' fixes to address problems causing the browser to impede the performance of some systems.

Wednesday's release marks the first time Mozilla developers have used the product's automatic update mechanism, which was introduced with version 1.5 of the browser.

Yesterday, some users were complaining on online forums that they had not been automatically notified of the software updates, as expected. But this delay is happening because Mozilla is staggering the updates to prevent its servers from overloading, according to Mike Schroepfer, vice-president of engineering at the organisation.

Before Wednesday's software release, the updating service had been tested with about 500,000 early testers and it worked fine, according to Schroepfer. "There's no need to panic," he said. "I have high confidence that [all users] will get the update."

The new release's eight security fixes have been cumulatively rated as 'highly critical' by security firm Secunia because some of them could theoretically be exploited to take over an unpatched PC.

However, this risk is mitigated because there is no known code in circulation that exploits any of the bugs, according to Schroepfer. "They're all things we've found internally," he said.

As of yesterday morning, Firefox users had downloaded about 10 million updates. Schroepfer estimated that another 10 to 15 million were to come.

Though the new release is not supposed to impede any Firefox extensions, some users had reported problems with some of these add-on programs. Marc Orchant, a blogger and marketing executive at VanDyke Software, said that the update broke four of the 20 extensions he uses.

By yesterday morning, two of his three PCs running Firefox had updated, and Orchant was generally pleased with the experience. "Both of them updated without incident," he said, "and it did a very nice job of telling me which extensions it was breaking for me."

Orchant was also impressed that Mozilla developers had taken steps to address memory leak problems, which were causing his browser to consume as much as 200MB of system resources at times. "They appear to have fixed the most significant memory leaks," he said. "It seems to be hovering around the 45MB range now."

Also yesterday, Secunia warned of a 'moderately critical' bug in the way Mozilla's Thunderbird email client processes messages that use the JavaScript web programming language. Users are advised to disable JavaScript and to be careful about opening email from untrusted sources, Secunia said.


IDG UK Sites

Nexus 6 vs Sony Xperia Z3 comparison: Lollipop phablet takes on KitKat flagship smartphone

IDG UK Sites

Why people aren't upgrading to iOS 8: new features are for power users, not the average Joe

IDG UK Sites

Free rocket & space sounds: NASA launches archive of interstellar audio on SoundCloud

IDG UK Sites

iPad Air 2 review: Insanely fast and alarmingly thin. Speed tests, camera tests, beautiful...