Mozilla Updates Firefox to Fix Security Gaps

The Mozilla Foundation updated the Firefox Web browser Tuesday to patch a series of security vulnerabilities, including a widely publicized browser-spoofing issue and a frame-injection issue.

Mozilla has released Firefox 1.0.5 and plans to follow it with new versions of its Thunderbird e-mail client and namesake browser application suite on Wednesday, said Chris Hofmann, Mozilla's director of engineering.

The Firefox update fixes 11 security issues discovered both by outside security researchers and through Mozilla's own Security Bug Bounty Program, which offers a $500 reward for reporting bugs.

Hofmann said that Mozilla knows of no exploits of the security vulnerabilities patched in Firefox 1.0.5.

Among the vulnerabilities plugged in Firefox 1.0.5 is a browser spoofing issue reported last month by security researcher Secunia. The spoofing vulnerability, which affected all major browsers, could aid scammers in successfully launching phishing attacks.

Users could be convinced to provide sensitive information in JavaScript dialog boxes that do not display their origins. To fix the issue, the Firefox upgrade now displays in a JavaScript window's header the Web address of the source of the prompt's content, Hofmann said.

Also last month, a 7-year-old frame-injection vulnerability, which had been patched in earlier versions of Mozilla browsers, reared its head again in Firefox.

The new version patches the flaw, which had the potential to allow an attacker to load malicious content in the browser window of a trusted Web site by exploiting the way browsers handle frames.

Mozilla is working on a revamped software updating system for the next major release of Firefox, Version 1.1, which is due for release later this summer.

A second alpha release of Firefox 1.1, called "Deer Park," was slated to be available for testing among developers as soon as Tuesday.

That alpha was supposed to include early test code of the new software updates system, Hofmann said.


Strange

I went to the Mozilla site to get the source for 1.0.5 to rebuild my rpm for pclos and their source isn't listed as yet. I guess I'll have to wait until the source shows up in their repo.

re: strange

Yeah, dang, it still ain't up.

----
You talk the talk, but do you waddle the waddle?
