Mozilla patches 6 Firefox bugs

Mozilla Corporation fixed six vulnerabilities in its Firefox browser, the third time the open-source developer has updated Firefox in 2007. The updates bring the current browser to Version 2.0.0.4, and the 2005 edition to 1.5.0.12. Mozilla also reiterated that today's patches would be Firefox 1.5's last, and said that an update to Firefox 2.0.0.4 would be offered to its users "over the coming weeks."

MFSA 2007-12, the most serious of the six, patched 30 separate memory corruption bugs in the browser layout and JavaScript engines. Even Mozilla seemed unsure of their impact. "Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code," the advisory read. Mozilla warned that Thunderbird and SeaMonkey, which shares Firefox's layout engine, may be vulnerable to these bugs as well and recommended that users do not enable JavaScript in Thunderbird or the mail portion of SeaMonkey.

The update also fixed a pop-up bug that could be used to mask parts of the browser, such as the address bar; a cross-site scripting vulnerability; a problem with how the browsers handle cookies; and a flaw that could let attackers crash Firefox using its autocomplete feature.

Link: Download Links
News source: ComputerWorld

Report a problem with article
Previous Story

Google to weave advertisements onto its Maps

Next Story

F-Secure Patches Flaws in Products

17 Comments

Commenting is disabled on this article.

black hats can just peek at firefox code and see where the flaws is...... it's probably more challenging to do it on IE, since you have to find it first....

kljs said,
black hats can just peek at firefox code and see where the flaws is...... it's probably more challenging to do it on IE, since you have to find it first....


Time isn't an issue either, not like MS will patch a vulnerability until it's found first, and then you have to wait a few months for an actual "fix"

GP007 said,
Whoever says their software is perfect or doesn't have flaws is living in a dream world.

duntkno said,
i guess i am.... its wonderful here....

Makes a little more sense now? I hope that was the intended parent, 'cause if not, i'm still confused.

Fire and Flames said,
ie7pro does not cost anything
Let me see...

Oh, drat! I need to buy a Windows license.

Linux user here. Sorry, but Mozilla is free. IE is prepaid with your copy of Windows.

markjensen said,
IE is prepaid with your copy of Windows.

If IE is prepaid than tell me how many IE versions are prepaid when you buy Windows version X?

Another question: are Windows Media Player and MSN Messenger prepaid too?

who said firefox is without flaws....

Firefox is very much open to spyware than IE7. I use them both:)

Yes, the only difference is that these ones get patched, while IE bugs deemed small may never be patched. Don't know why you are referring to spyware, as spyware is the least of your problems if a bug is successfully exploited (read root execution privileges in some cases).
Both are made by programmers, and both will have bugs...its just how they deal with them that is important. If Microsoft released the IE source code, you would probably be shocked by the amount of exploits found...

zivan56 said,
Yes, the only difference is that these ones get patched, while IE bugs deemed small may never be patched. Don't know why you are referring to spyware, as spyware is the least of your problems if a bug is successfully exploited (read root execution privileges in some cases).
Both are made by programmers, and both will have bugs...its just how they deal with them that is important. If Microsoft released the IE source code, you would probably be shocked by the amount of exploits found...

If Firefox had Internet Explorer's marketshare, you would probably be shocked by the number of zero-day exploits performed.

mkol said,
who said firefox is without flaws....

Firefox is very much open to spyware than IE7. I use them both:)

As far as I can tell, no one did.

Shining Arcanine said,

If Firefox had Internet Explorer's marketshare, you would probably be shocked by the number of zero-day exploits performed.

i think u BOTH have good points... but if u ask me i think "overall" (as of now) Firefox is a safer to use browser than IE is in general (especially for the average joe) cause it lacks market share so because it's the small guy it's less likely someone will attempt to exploit Firefox over IE.

on a personal note... although IE7 did get noticeably better than IE6 in terms of security etc etc, i just HATE IE7's interface... IE6's was MUCH better ... but it could be one of those things that "you just gotta get used to" sorta thing.

but bottom line for me is i dont think ill be switching from Firefox to IE anytime soon ... cause of firefox's extensions. the main one i like is "tabscroller" (which is basically only extension i have installed) cause with tabscroller you can set it up so when u hold down the right mouse button and use the scroll wheel it will scroll instantly between browser tabs you got open... it took me a while to get used to but once u do it saves time/wear and tear on your wrist switching between tabs since u dont gotta move your hand to switch between tabs by manually clicking on the tab in the tab bar

ThaCrip said,
i think u BOTH have good points... but if u ask me i think "overall" (as of now) Firefox is a safer to use browser than IE is in general (especially for the average joe) cause it lacks market share so because it's the small guy it's less likely someone will attempt to exploit Firefox over IE.

on a personal note... although IE7 did get noticeably better than IE6 in terms of security etc etc, i just HATE IE7's interface... IE6's was MUCH better ... but it could be one of those things that "you just gotta get used to" sorta thing.

but bottom line for me is i dont think ill be switching from Firefox to IE anytime soon ... cause of firefox's extensions. the main one i like is "tabscroller" (which is basically only extension i have installed) cause with tabscroller you can set it up so when u hold down the right mouse button and use the scroll wheel it will scroll instantly between browser tabs you got open... it took me a while to get used to but once u do it saves time/wear and tear on your wrist switching between tabs since u dont gotta move your hand to switch between tabs by manually clicking on the tab in the tab bar ;)

I agree, the extensions in firefox make it a better browser for me before i even consider saftey. Personally I have fun playing with webpage code using greasemonkey/firebug. Support for this kind of use just doesnt seem to exist in IE.