Mozilla Patches 13 Firefox Flaws

Mozilla rolls out a Firefox security update that patches 13 vulnerabilities, 8 of them judged "critical." The overall update has been tagged as "highly critical."

July 27, 2006

2 Min Read
NetworkComputing logo in a gray background | NetworkComputing

Mozilla Corp. late Wednesday began rolling out a Firefox security update that patched 13 vulnerabilities, 8 of them judged "critical" by the Mountain View, Calif. open-source developer.

The update, which brings Firefox to 1.5.0.5, automatically downloads to existing copies of Firefox 1.5.x, but can also be retrieved in its entirety from the Mozilla Web site in versions for Windows, Linux, Mac OS X in 37 localized editions.

All 8 of the bugs tagged "critical" by Mozilla involve vulnerabilities and/or errors in JavaScript, the scripting language heavily used by the browser. JavaScript, like the ActiveX controls in the rival browser Internet Explorer, is the dominant source of Firefox flaws.

Danish vulnerability tracker Secunia tagged the overall update as "highly critical," the second-from-the-top threat ranking. "[These] multiple vulnerabilities can be exploited to conduct cross-site scripting attacks or compromise a user's system," Secunia's online research note read.

A majority of the bugs will allow an attacker to introduce his own code to a vulnerable system; several of them can be exploited by posting malicious code or content on Web sites and enticing users to visit those sites. One of the critical flaws was credited to HD Moore, the Metasploit Framework co-creator who is posting browser vulnerabilities throughout July on his blog; another was credited to TippingPoint's Zero Day Initiative, one of the two bounty-for-bugs program.

On Thursday, Mozilla updated its Thunderbird e-mail client to 1.5.0.5 by fixing 12 flaws, only one of which was elevated to "critical" (10 were labeled as "moderate"); the independent SeaMonkey project, which took over development of what had been the Mozilla browsing suite, posted fixes to the SeaMonkey bundle as well. Version 1.0.3, which can be downloaded from here, patched 14 vulnerabilities, all but one shared with Firefox.

The next-generation Firefox, meanwhile, continues to evolve on a separate track. Firefox 2.0 -- which released in Beta 1 two weeks ago -- is to move to Beta 2 on Aug. 8 and ship in final form on Sept. 26, according to a Mozilla release calendar.

Read more about:

2006
SUBSCRIBE TO OUR NEWSLETTER
Stay informed! Sign up to get expert advice and insight delivered direct to your inbox
Sign-Up

You May Also Like

More Insights
Webinars
More Webinars
Reports
More Reports

Editor's Choice

Enterprises investing in new infrastructure to support AI will have to choose between InfiniBand and Ethernet
Enterprise Connectivity
The Impact of AI on The Ethernet Switch MarketThe Impact of AI on The Ethernet Switch Market
byPam Baker, Contributing Writer
Sep 16, 2024
5 Min Read
Blue and purple digital cloud connecting apps and services with campus NaaS.
NaaS
Campus NaaS: Remaking the Campus NetworkCampus NaaS: Remaking the Campus Network
bySalvatore Salamone, Managing Editor, Network Computing
Jul 31, 2024
4 Min Read
DPUs are extensively used to accelerate AI and ML workloads by offloading tasks such as neural network inference and training from CPUs and GPUs.
Network Infrastructure
Harnessing DPUs & How DPUs are Changing Data CentersHarnessing DPUs & How DPUs are Changing Data Centers
byBob Wallace, Featured Writer
Jul 30, 2024
10 Min Read
Webinars
More Webinars
White Papers
More White Papers
Reports
More Reports
Live Events
More Live Events