Firefox Patch Fixes Vulnerabilities And Prevents Crashing - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Software // Enterprise Applications
06:32 PM
Connect Directly

Firefox Patch Fixes Vulnerabilities And Prevents Crashing

Mozilla Foundation's browser fix covers "moderately critical" and other security vulnerabilities, and addresses dozens of performance issues.

It's time to update the millions of Firefox 1.0 browsers that have been downloaded over the past 11 weeks. The Mozilla Foundation on Thursday released its first security update to Firefox, comprising a series of patches intended to prevent spoofing and phishing attacks and fix glitches that cause the browser to crash.

The security update, Firefox 1.0.1, can be downloaded immediately at, and it will be available within a few days via Firefox's automatic update feature. "I'd encourage users to get this release, especially if they've been prone to phishing attacks or spoofing," says Chris Hofmann, director of engineering with Mozilla, a nonprofit software-development organization. "A lot of work in this release focuses on those areas."

The update covers a handful of security vulnerabilities and approximately 40 other fixes related to browser performance based on user feedback to Mozilla. The security vulnerabilities range from "moderately critical" in nature to not critical. None of them are highly critical, and there are no known exploits for any of the vulnerabilities, Hofmann says.

One security patch addresses the problem of international domain name spoofing, in which a hacker could potentially spoof a Web site through the international characters in the browser. The fix involves putting "funny-looking characters" in the susceptible area of the browser, though Hofmann acknowledges it's only a temporary solution. Security firm Secunia described the IDN spoofing vulnerability in a bulletin earlier this month.

The update is also meant to prevent cross-site scripting, in which an attacker gains access to data entered on a Web site by manipulating the browser.

Firefox 1.0 has been downloaded 27 million times since it was released on Dec. 7. In the process, the no-cost browser has cut into Microsoft Internet Explorer's dominant share of the browser market. IE's market share on Windows PCs had slipped to 92.7% in mid-January, from 96.7% in June, while Firefox's share rose, according to WebSideStory Inc., a Web-analytics firm that tracks browser usage. WebSideStory is expected to release updated Web-browser statistics next week.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Pandemic Responses Make Room for More Data Opportunities
Jessica Davis, Senior Editor, Enterprise Apps,  5/4/2021
10 Things Your Artificial Intelligence Initiative Needs to Succeed
Lisa Morgan, Freelance Writer,  4/20/2021
Transformation, Disruption, and Gender Diversity in Tech
Joao-Pierre S. Ruth, Senior Writer,  5/6/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Flash Poll