Mozilla Patches 12 Firefox Flaws

Mozilla Corp. on Thursday patched its Firefox browser against 12 vulnerabilities, 5 of them labeled "critical" by the Mountain View, Calif. company.

Firefox 1.5.0.4 is the fourth security update to the 1.5 edition of the browser since it released last November. The number of holes plugged in 1.5.0.4, however, is only half that of April's mega-patch, when 24 total, 11 of them "critical," were fixed.

Danish vulnerability tracker Secunia tagged the update with a "highly critical" rating, it's second highest ranking.

Some of the flaws could be used by attackers to generate buffer overflows, which can lead to further system access, including planting malicious code on the computer, Secunia noted. Others would let attackers run malicious JavaScript without the user's permission.

A list of the bugs patched by 1.5.0.4 can be found on the Mozilla Foundation's Web site.Mozilla also patched its Thunderbird e-mail client, fixing 8 flaws by releasing version 1.5.0.4; meanwhile, the separate SeaMonkey project rolled out its 1.0.2 version, the follow-up to the now-defunct Mozilla browsing suite, and fixed a long list of bugs.

This is the second update of Firefox since Mozilla announced it was ending support for the older Firefox 1.x line.

Firefox and Thunderbird can be downloaded from the Mozilla Corp. site, while SeaMonkey can be found here. Users of Firefox and Thunderbird 1.5.x, however, can wait for those programs' automatic update functions to kick in and retrieve the smaller-sized update files.