In association with heise online

18 July 2007, 12:19

Firefox fixes security vulnerabilities [Update]

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The Mozilla development team have released update for their Firefox web browser. It is available via the automatic update function or can be downloaded in various languages for Windows, Mac OS X or Linux. Firefox users are advised to update their browser as soon as possible.

The update does not offer any new features. It does, however, appear to fix security vulnerabilities which include the recently reported vulnerability arising from a complicated interaction with Microsoft's Internet Explorer. Certainly the demonstration web page by Thor Larholm no longer functions in our tests after installing the update.

The page of known vulnerabilities lists eight security issues that remedies, including the above Internet Explorer interaction vulnerability. The security problem when accessing wyciwyg:// URIs reported in the last few days, which can be used for spoofing, has also been addressed. In addition, critical bugs which could lead to crashes and possible code injection have been fixed, as has a vulnerability which led to escalation of privileges via the event handler.

According to the security advisories of the Mozilla developers, two of the vulnerabilities also affect Thunderbird. The mail program can also crash and possibly execute injected code. Also the previously reported interaction between Internet Explorer and Firefox can also occur between IE and Thunderbird. According to the security advisories, Thunderbird will fix those errors. It isn't available on the download servers yet though. It should appear as release shortly.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit