The Mozilla Foundation has shipped release candidates for a new version of its Firefox Web browser to provide a thorough fix for a known code execution security vulnerability. The Firefox 1.0.7 makeover comes just one week after a private security researcher posted a proof-of-concept demonstration of a buffer overflow affecting users of the open-source browser.
Volunteers are putting the finishing touches to quality assurance testing, and the update is expected to ship within the next two days, a Mozilla official told Ziff Davis Internet News. The nonprofit Mozilla Foundation had earlier posted a temporary patch and workaround for the bug, which could be exploited by a remote attacker to execute arbitrary code on an affected host.
News source: eWeek