IoT
Software // Enterprise Applications
News
2/23/2007
05:41 PM
50%
50%

Mozilla Security Update Fixes 7 Vulnerabilities

The patches foil the location.hostname vulnerability and help computer users running Firefox 1.5.0.10 and Firefox 2.0.0.2.

Mozilla rolled out the latest security update for its Firefox browser this week, patching seven vulnerabilities.

This round of patches is for Firefox 1.5.0.10 and Firefox 2.0.0.2 users. The updates are automatically deployed, but users also can go to this Web site and manually download them.

"We strongly recommend that all Firefox users upgrade to this latest release," said Mike Schroepfer, VP of engineering at Mozilla, in a statement e-mailed to InformationWeek. "This update resolves the location.hostname vulnerability and other security and stability issues. Thanks to the work of our contributors, we have been able to address these issues quickly in order to minimize the security risk to Firefox users."

The security update only repairs the current list of known flaws.

The security update for the open source browser originally was slated to be released Feb. 21 but was pushed back to accommodate a fix for the location.hostname vulnerability. Michal Zalewski, a Polish security researcher, was the first to disclose the vulnerability last week on his mailing list, Full Disclosure. He wrote that the flaw is in the most recent version of the Firefox browser -- 2.0.0.1 -- but added that it affects other recent versions, as well.

The vulnerability allows malicious Web sites to manipulate authentication cookies for third-party sites.

On Thursday, Zalewski posted information on a memory-corruption issue that crashes the browser and puts users at risk of hackers gaining remote control of the infected machines.

"I noticed that Firefox is susceptible to a pretty nasty, and apparently easily exploitable memory corruption vulnerability," he writes. "When a location transition occurs and the structure of a document is modified from within onUnload event handler, freed memory structures are left in inconsistent state, possibly leading to a remote compromise."

Mozilla says it's working on that bug as well.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of July 17, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.