In association with heise online

07 March 2007, 14:50

Mozilla has patched a critical patch bug

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

In a belated announcement, the Mozilla team has reported that the recently published updates for Firefox and SeaMonkey also remedied a critical security hole that had been caused by a patch published in December. The attempt to fix a bug occurring during IMG tag handling allowed hackers to execute arbitrary code via javascript-URIs on the system - even if JavaScript execution was disabled.

Thus, the patch has not only failed to eliminate the security problem, but has even worsened the situation. In 2006, Microsoft struggled with similar problems related to Internet Explorer.

Thunderbird users have not been affected by this bug. Although the incorrect patch was integrated in this program, too, the mail client does not execute javascript-URIs in IMG-tags. The bug has been fixed in Firefox and SeaMonkey 1.1.1/1.0.8 versions published in February. The Mozilla team advises users to upgrade to these versions.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit