This week, Mozilla patched seven vulnerabilities with the latest security update, available both with automatic updates and manual download from the company's website, for Firefox 1.5.0.10 and Firefox 2.0.0.2. The security update was originally slated for a February 21 release but was pushed back to accommodate a fix for the location.hostname vulnerability. The vulnerability allows malicious Web sites to manipulate authentication cookies for third-party sites. "We strongly recommend that all Firefox users upgrade to this latest release. This update resolves the location.hostname vulnerability and other security and stability issues. Thanks to the work of our contributors, we have been able to address these issues quickly in order to minimize the security risk to Firefox users," said Mike Schroepfer, VP of engineering at Mozilla.
The open-source software maker is already working on another serious bug that Michal Zalewski, a Polish security researcher, described as a memory-corruption issue on his mailing list, Full Disclosure: "I noticed that Firefox is susceptible to a pretty nasty, and apparently easily exploitable memory corruption vulnerability. When a location transition occurs and the structure of a document is modified from within onUnload event handler, freed memory structures are left in inconsistent state, possibly leading to a remote compromise."
News source: InformationWeek
The open-source software maker is already working on another serious bug that Michal Zalewski, a Polish security researcher, described as a memory-corruption issue on his mailing list, Full Disclosure: "I noticed that Firefox is susceptible to a pretty nasty, and apparently easily exploitable memory corruption vulnerability. When a location transition occurs and the structure of a document is modified from within onUnload event handler, freed memory structures are left in inconsistent state, possibly leading to a remote compromise."
News source: InformationWeek
Just noticed that it is updating... Hm..
But click on the link to the bug, and you see it is RESOLVED FIXED for 1.8.0.10 and 1.8.1.2!! (Michal was testing against firefox 2.0.0.1, in which the bug was present, but it got fixed on the road to 2.0.0.2 by a different patch).
Last edited by Cryton on 25 Feb 2007 - 12:54
But click on the link to the bug, and you see it is RESOLVED FIXED for 1.8.0.10 and 1.8.1.2!! (Michal was testing against firefox 2.0.0.1, in which the bug was present, but it got fixed on the road to 2.0.0.2 by a different patch).
Last edited by RyanVM on 26 Feb 2007 - 01:28
IE7 in Windows Vista is not affected
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.