New Firefox ReleasedNew Firefox Released

The Mozilla Foundation Tuesday updated its Firefox stand-alone browser to version 1.0.5, fixing a dozen vulnerabilities that have popped up since the last minor upgrade two months ago.

Firefox 1.0.5, which has been in testing for several weeks, can be downloaded from the Mozilla Web site free of charge. "This is a collection of security bug fixes and stability improvements," said Chris Hofmann, Mozilla's director of engineering. "We're also trying to anticipate some potential security problems with this update by patching vulnerabilities that alone aren't that significant, but might be used together to create an exploit. Most of them involve quite a bit of user interaction." Overall, added Hofmann, the update is an attempt to "stay ahead of the bad guys." Among the fixes is one to a JavaScript spoofing error that Danish security firm Secunia said affected most browsers, including the then-current Firefox 1.0.4. The update also corrects the frame injection vulnerability that had crept back into the Firefox code in versions 1.0.3 and 1.0.4. Hofmann also said that similar updates for Thunderbird and the Mozilla suite would follow later this week, and that the second alpha for Firebird 1.1 -- dubbed Deer Park in an attempt to stop users from trying out the unready browser -- would appear sometime Tuesday. Deer Park is progressing, albeit slower than earlier Mozilla road maps, which as recently as January touted June as the release month for the final of 1.1. "We should have a beta version [of Deer Park] in about a month," said Hofmann. Firefox 1.1 will be the first version of the open-source browser to offer an internal software update mechanism that doesn't require a complete download and re-install to upgrade the code.