We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

'Critical' fix among 6 Firefox updates

Mozilla patches bugs in Firefox 2

Mozilla has patched its flagship Firefox browser with fixes for six vulnerabilities, one of which was stamped ‘critical’ by the open-source developer. This was the third time Mozilla has updated Firefox in 2007.

The updates bring the current browser to Version 2.0.0.4, and the 2005 edition to 1.5.0.12.

MFSA 2007-12, the most serious of the six, patched 30 separate memory corruption bugs in the browser layout and JavaScript engines. Even Mozilla seemed unsure of their impact. "Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code," the advisory read.

Mozilla warned Thunderbird and SeaMonkey that their email software, which shares Firefox's layout engine, may be vulnerable to these bugs as well. The developers recommend that users do not enable JavaScript in Thunderbird or the mail portion of SeaMonkey.

The updates also fix a pop-up bug that could be used to mask parts of the browser, such as the address bar; a cross-site scripting vulnerability; a problem with how the browsers handle cookies; and a flaw that could let attackers crash Firefox using its autocomplete feature.

Firefox 2.0.0.4 can be downloaded from the Mozilla website for Windows, Mac OS X and Linux; Firefox 1.5.0.12, meanwhile, is available from a different page. Current users can also update using the Check for Updates command in the help menu.

Mozilla also reiterated that Thursday's patches would be Firefox 1.5's last, and said that an update to Firefox 2.0.0.4 would be offered to its users "over the coming weeks”.

Although Firefox ended 2006 on an upbeat security note according to Symantec - the anti-virus vendor tallied 40 patches in the last six months of the year, 26 percent fewer than the 54 released for rival browser Internet Explorer - so far this year, Mozilla has addressed more than twice as many vulnerabilities as IE. In the first five months of 2007, 22 bugs in Firefox have been patched, 9 of which were pegged as critical. Microsoft has fixed only 8 in IE; 7 were labelled critical.

See our Firefox 2 versus Internet Explorer 7 comparison.

www.computerworld.com


IDG UK Sites

5 reasons not to wait for the Apple Watch: Why you shouldn't buy the iWatch

IDG UK Sites

Why local multiplayer gaming is rapidly vanishing: we look at the demise of split-screen and LAN...

IDG UK Sites

How Emotional Debt is damaging digital design

IDG UK Sites

iPhone buying advice: Should I buy an iPhone 6, iPhone 6 Plus, iPhone 5s, or iPhone 5c, or wait for7......