Mozilla Releases ‘Critical’ Patches for Firefox

By NewsFactor Network | December 20, 2006

Mozilla has released a set of security updates for versions 1.5.x and 2.0.x of the Firefox Web browser and for two other software packages: Thunderbird, an e-mail client, and SeaMonkey, a suite of programs that includes a chat client and a tool to build Web sites.

Mozilla has labeled most of the updates “critical,” while security-firm Secunia has rated them “highly critical.”

Mozilla still supports the 1.5.x version of its well-known and well-liked Firefox browser, but has continued to suggest that users update their software to the most recent version. Mozilla plans to phase out support for older versions of Firefox in the second quarter of 2007.

Bugs of Every Species

“As part of the Firefox 2.0.0.1 and 1.5.0.9 update releases we fixed several bugs to improve the stability of the product,” Mozilla said in a published statement. “Some of these were crashes that showed evidence of memory corruption and we presume that at least some of these could be exploited to run arbitrary code with enough effort.”

The updates patch a wide range of flaws in Mozilla’s products, from problems with RSS feeds to the way that JavaScript is used in e-mail. Mozilla recommends that users disable JavaScript in Thunderbird to prevent unauthorized code from affecting their systems.

Other problems fixed by the latest round of updates include the way the browser renders graphics on certain Web sites and the way it renders custom cursors through CSS, or Cascading Style Sheets. The latter problem can lead to buffer overflows, in which a piece of software attempts to use more than its allotted memory and sparks a system crash as a result.

Browser Wars

Despite the newly patched flaws, Mozilla’s browser is widely believed to be safer than Microsoft’s Internet Explorer, which suffers from countless hack attempts on account of its popularity. More than 80 percent of…

Bookmark and Share :-)