Mozilla Security Update Fixes 7 Vulnerabilities - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software // Enterprise Applications

Mozilla Security Update Fixes 7 Vulnerabilities

The patches foil the location.hostname vulnerability and help computer users running Firefox 1.5.0.10 and Firefox 2.0.0.2.

Mozilla rolled out the latest security update for its Firefox browser this week, patching seven vulnerabilities.

This round of patches is for Firefox 1.5.0.10 and Firefox 2.0.0.2 users. The updates are automatically deployed, but users also can go to this Web site and manually download them.

"We strongly recommend that all Firefox users upgrade to this latest release," said Mike Schroepfer, VP of engineering at Mozilla, in a statement e-mailed to InformationWeek. "This update resolves the location.hostname vulnerability and other security and stability issues. Thanks to the work of our contributors, we have been able to address these issues quickly in order to minimize the security risk to Firefox users."

The security update only repairs the current list of known flaws.

The security update for the open source browser originally was slated to be released Feb. 21 but was pushed back to accommodate a fix for the location.hostname vulnerability. Michal Zalewski, a Polish security researcher, was the first to disclose the vulnerability last week on his mailing list, Full Disclosure. He wrote that the flaw is in the most recent version of the Firefox browser -- 2.0.0.1 -- but added that it affects other recent versions, as well.

The vulnerability allows malicious Web sites to manipulate authentication cookies for third-party sites.

On Thursday, Zalewski posted information on a memory-corruption issue that crashes the browser and puts users at risk of hackers gaining remote control of the infected machines.

"I noticed that Firefox is susceptible to a pretty nasty, and apparently easily exploitable memory corruption vulnerability," he writes. "When a location transition occurs and the structure of a document is modified from within onUnload event handler, freed memory structures are left in inconsistent state, possibly leading to a remote compromise."

Mozilla says it's working on that bug as well.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Slideshows
10 Things Your Artificial Intelligence Initiative Needs to Succeed
Lisa Morgan, Freelance Writer,  4/20/2021
News
Tech Spending Climbs as Digital Business Initiatives Grow
Jessica Davis, Senior Editor, Enterprise Apps,  4/22/2021
Commentary
Optimizing the CIO and CFO Relationship
Mary E. Shacklett, Mary E. Shacklett,  4/13/2021
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Slideshows
Flash Poll