Mozilla Updates Firefox to Fix Security Gaps

Filed under
Moz/FF

The Mozilla Foundation updated the Firefox Web browser Tuesday to patch a series of security vulnerabilities, including a widely publicized browser-spoofing issue and a frame-injection issue.

Mozilla has released Firefox 1.0.5 and plans to follow it with new versions of its Thunderbird e-mail client and namesake browser application suite on Wednesday, said Chris Hofmann, Mozilla's director of engineering.

The Firefox update fixes 11 security issues discovered both by outside security researchers and through Mozilla's own Security Bug Bounty Program, which offers a $500 reward for reporting bugs.

Hofmann said that Mozilla knows of no exploits of the security vulnerabilities patched in Firefox 1.0.5.

Among the vulnerabilities plugged in Firefox 1.0.5 is a browser spoofing issue reported last month by security researcher Secunia. The spoofing vulnerability, which affected all major browsers, could aid scammers in successfully launching phishing attacks.

Users could be convinced to provide sensitive information in JavaScript dialog boxes that do not display their origins. To fix the issue, the Firefox upgrade now displays in a JavaScript window's header the Web address of the source of the prompt's content, Hofmann said.

Also last month, a 7-year-old frame-injection vulnerability, which had been patched in earlier versions of Mozilla browsers, reared its head again in Firefox.

The new version patches the flaw, which had the potential to allow an attacker to load malicious content in the browser window of a trusted Web site by exploiting the way browsers handle frames.

Mozilla is working on a revamped software updating system for the next major release of Firefox, Version 1.1, which is due for release later this summer.

A second alpha release of Firefox 1.1, called "Deer Park," was slated to be available for testing among developers as soon as Tuesday.

That alpha was supposed to include early test code of the new software updates system, Hofmann said.

Strange

I went to the Mozilla site to get the source for 1.0.5 to rebuild my rpm for pclos and their source isn't listed as yet. I guess I'll have to wait until the source shows up in their repo.

re: strange

Yeah, dang, it still ain't up.

----
You talk the talk, but do you waddle the waddle?
