Mozilla Patches Critical Firefox, Thunderbird Flaws

Daniel Fleshbourne   on 15 September 2006 - 17:39 · 12 comments & 6325 views

Microsoft's Internet Explorer isn't the only Web browser with serious security issues. Mozilla on Sept. 15 shipped a "highly critical" Firefox update to correct a range of security flaws that could lead to security bypass, cross-site scripting, spoofing, denial-of-service and system access attacks.

The open-source group patched a total of seven vulnerabilities in its flagship browser and warned that the majority of the flaws could be exploited to run attacker code without any user interaction beyond normal Web browsing. Since releasing Firefox 1.5 in November 2005, Mozilla has patched 59 security vulnerabilities in the browser, more than half of them rated by the company as "critical." The most serious bug fixed in the Firefox 1.0.7 update is an error in the handling of JavaScript. It can be exploited to cause a heap-based buffer overflow and execute arbitrary code without user action.

News source: eWeek

(3 replies) #1 em_te on 16 Sep 2006 - 04:43
To all those people whining: the software is free. The Mozilla people don't owe you anything. They are working in their own spare time to write fixes for you. So stop whining!
#1.1 RealFduch on 16 Sep 2006 - 16:57
They owe us what they promised us.
The *bulletproof* browser

BTW IE7 is free too. Does MS owe us something?
#1.2 *John* on 16 Sep 2006 - 20:03
Quote - RealFduch said @ #3.1
They owe us what they promised us.
The *bulletproof* browser

BTW IE7 is free too. Does MS owe us something?


How the hell is IE7 free? You have to buy Windows to get it? It can be called free when ANYONE can have it, not just Microsoft customers.

You fail
#1.3 XerXis on 16 Sep 2006 - 22:45
Quote - em_te said @ #3
To all those people whining: the software is free. The Mozilla people don't owe you anything. They are working in their own spare time to write fixes for you. So stop whining!


Just stop saying those silly things; the Mozilla Corporation is a highly profitable company, and the devs don't work for free, let alone in their spare time.
#2 em_te on 16 Sep 2006 - 05:06
How about linking to the list of bug fixes?
Quote -
  1. Popup-blocker cross-site scripting (XSS): blocked popups opened from the status bar "blocked popups" icon were always opened in the context of the site listed in the Location (address) bar, even if the blocked popup were originally opened by a subframe loaded from another site. This allows the popup to perform a cross-site scripting attack against the framing web site.
  2. Frame spoofing using document.open(): a way to inject content into a sub-frame of another site using targetWindow.frames[n].document.open(), making the attacker's content look like it was part of the victim site.
  3. Concurrency-related vulnerability: timing dependent testcases that trigger crashes at the same place during text display.
  4. JavaScript Regular Expression Heap Corruption: crash due to a heap buffer overflow triggered by a JavaScript regular expression containing a minimal quantifier. We presume this could be exploited to run arbitrary code.
  5. Auto-update compromise through DNS and SSL spoofing: auto-update mechanism protects itself against DNS spoofing using SSL; many users accept unverifiable self-signed certificates without much thought on "low value" sites, and this could be used as the basis of an attack on the update system.
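Added example, not part of the comment above and not Mozilla's code or the fix Mozilla shipped: a small Node.js model of item 5, contrasting an update check that trusts whatever certificate the session accepted with one that refuses user-granted certificate exceptions and also verifies a signed manifest against a pinned key. The connection fields (`certAccepted`, `viaUserException`), function names, key pair and version strings are all constructed for illustration.

```javascript
const crypto = require('crypto');

// Constructed vendor key pair; a real client would ship only the public half.
const { publicKey: PINNED_KEY, privateKey: vendorKey } =
  crypto.generateKeyPairSync('ed25519');
const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest('hex');

// Vendor side: sign a manifest that binds the version to the payload hash.
function publish(version, payload, signingKey) {
  const manifest = JSON.stringify({ version, sha256: sha256(payload) });
  const signature = crypto.sign(null, Buffer.from(manifest), signingKey);
  return { manifest, payload, signature };
}

// Flawed policy: whatever certificate the session accepted is good enough,
// including a self-signed one the user clicked through.
function acceptTlsOnly(conn, _update) {
  return conn.certAccepted;
}

// Hardened policy: no user-granted certificate exceptions on the update
// channel, and the manifest must verify against the pinned key.
function acceptHardened(conn, update) {
  if (!conn.certAccepted || conn.viaUserException) return false;
  const signed = crypto.verify(
    null, Buffer.from(update.manifest), PINNED_KEY, update.signature);
  if (!signed) return false;
  return JSON.parse(update.manifest).sha256 === sha256(update.payload);
}

// Constructed scenarios: connection state and update contents are sample data.
function runScenarios() {
  const caVerified = { certAccepted: true, viaUserException: false };
  const clickedThrough = { certAccepted: true, viaUserException: true };
  const genuine = publish('0.0.2-example', Buffer.from('genuine build'), vendorKey);
  const otherKey = crypto.generateKeyPairSync('ed25519').privateKey;
  const forged = publish('9.9.9-example', Buffer.from('other build'), otherKey);
  const swapped = { ...genuine, payload: Buffer.from('swapped payload') };
  return {
    flawedAcceptsForged: acceptTlsOnly(clickedThrough, forged),
    hardenedRejectsException: !acceptHardened(clickedThrough, genuine),
    hardenedRejectsForged: !acceptHardened(caVerified, forged),
    hardenedRejectsSwapped: !acceptHardened(caVerified, swapped),
    hardenedAcceptsGenuine: acceptHardened(caVerified, genuine),
  };
}

console.log(runScenarios());
```

Every field in the printed object is `true`: the TLS-only policy accepts a manifest signed by an unknown key over a clicked-through certificate, while the hardened policy rejects that case, a swapped payload, and any connection that relied on a user exception.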
#3 Croquant on 16 Sep 2006 - 09:30
I wonder if the Firefox 2.x Beta builds are affected?
#4 eilegz on 17 Sep 2006 - 01:12
Well, at least Mozilla is working; I can't say the same about M$, which focuses more on DRM than IE, which is the main focus of Windows insecurity.
#5 ThaCrip on 17 Sep 2006 - 08:54
People need to start arguing about the IE vs Firefox thing as it's obvious that's happening in a lot of the comments above... both browsers are good... although myself I pretty much only use Firefox.... each browser has their security issues and that will never change.... and since SP2 IE is MUCH improved overall... although I do tend to think that a person running Firefox is less likely to get infected with spyware/adware etc... especially on non SP2 machines.
#6 j0j081 on 17 Sep 2006 - 14:28
Firefox fanboys are the worst.
#7 Brian B on 17 Sep 2006 - 17:13
Comments Claned

Any more fanboy posts... you know who you are... will get warns.
(1 reply) #8 Kushan on 17 Sep 2006 - 20:11
I see ONE comment from an "obvious" firefox fanboy. There are more anti-Firefox posts here than anything else.
#8.1 Brian B on 17 Sep 2006 - 22:15
That's because as I said... I cleaned the newspost... see the above bolded wording that's spelled wrong???
