In association with heise online

« previous | next »
27 July 2006, 10:32

Bugs fixed in Firefox and Thunderbird.

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

It is not long since the release of version 1.5.0.4 of Firefox and Thunderbird, and yet the developers at the Mozilla Foundation have already prepared further versions of these Open Source programs. Rumours of these new versions have been circulating for some time, but now the details have been published. The new versions of Firefox is available now, and Thunderbird will follow shortly.

The next main revision of the web browser is due to be Firefox 2, which is already in beta, but although work on this is proceeding well, the latest update is 1.5.0.5. This improves the stability of the browser and also corrects some security holes. The email client Thunderbird is also vulnerable and version 1.5.0.5 will follow shortly.

A description of the change are given in the release Notes to Firefox 1.5.0.5 and Thunderbird 1.5.0.5. A list of the closed security holes is given in Known Vulnerabilities in Mozilla Products. This explains that in the new release, 12 holes have been plugged in Firefox and a total of 11 in Thunderbird.

The developers classify seven of these problems in Firefox to be critical; some of these errors could be used by attackers to execute code. In addition, errors in the Javascript engine have been fixed and a hole closed through which an attacker could gain the access rights of the logged on user.

With Thunderbird the developers classify only one error as critical; this allows a VCard attachment with a malformed base64 field to cause heap buffer overflow.

The download for Firefox 1.5.0.5 is already available in many international versions, for Windows, Linux and MAc OS X; that for Thunderbird 1.5.0.5 should be available shortly. All users of Firefox are advised to accept the new version when prompted by the Update function. Users of Thunderbird are also advised to install the new version when it becomes available.

As the Seamonkey project shares much of the same code base as Firefox and Thunderbird, it is also vulnerable to many of the same problems. This project is a continuation of the original Mozilla Websuite, including Browser, Mail and Chat clients, as well as an HTML editor. A new version 1.0.3 of Seamonkey is currently under development to fix 13 security holes. This new version should also soon be available for download.

(ehe)

« previous | next »
Print Version | Send by email | Permalink: http://h-online.com/-731278

Also on The H:

 
The H Open Headlines
    • July's Community Calendar

            The H

            The H Open

            The H Security

            The H Developer

            The H Internet Toolkit