Mozilla quashes Firefox JavaScript peril

By John Leyden → More by this author

1 Jun 2007 14:37

Vista stability also improved by critical browser update

Firefox users need to update their browser software following the release of updates designed to fix multiple security vulnerabilities.

Security bugs in the JavaScript engine used by the popular open source browser might be exploited to corrupt system memory, a type of attack that could allow hackers to inject hostile code onto vulnerable PCs.

There's also a flaw in the handling of XUL popups that means it might be possible to spoof the browser's location bar, a type of attack that phishing fraudsters would doubtless find useful.

There's little or no evidence that the flaws have been exploited to conduct hostile attacks, as yet. Nonetheless, users would be well advised to upgrade to version 2.0.0.4 or 1.5.0.12 of Firefox, just to be on the safe side. Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail, something that isn't a default setting and not recommended by the Mozilla Foundation.

Thunderbird users who nonetheless run JavaScript in mail received by the email client are advised to upgrade to version 2.0.0.4 or 1.5.0.12 of the software. SeaMonkey application suite users who enable JavaScript in emails need to upgrade to SeaMonkey version 1.0.9 and 1.1.2 for similar reasons.

As well as fixing various security bugs, Mozilla has introduced modifications with version 2.0.0.4 of its browser to enhance stability and improve support for Vista.

More background can be found via an advisory from the Mozilla Foundation here. ®

17 comments posted — Comment period finished

Track this type of story as a custom Atom/RSS feed or by email.

Bad hair day for alternative browser users (19 October 2007)
Mozilla creates start-up to recruit email developers (18 September 2007)
Making open-source browsing safe for the masses (2 August 2007)
Firefox lances IE bug (18 July 2007)
A serious browser vulnerability, but whose? (11 July 2007)
Insecure plug-ins pose danger to Firefox users (1 June 2007)
Mozilla seeks security researchers to look at alpha code (10 April 2007)
Firefox update fixes compatibility snags (22 March 2007)
Mozilla patches faulty patch (7 March 2007)
Firefox fix lances memory corruption bug (26 February 2007)
Vista security overview: too little too late (20 February 2007)

Top 20 stories All The Week’s Headlines

Whitepapers
How to Choose the Right Virtualization Technology For Your Environment Live Migration with AMD-V™ Extended Migration Technology The Evolving Security Landscape Combating the increasing cost of email

Breaking Hardware News

Dell adds multi-touch to Latitude XT

Bigger SSD drives too

Dell has announced it's incorporating touch-screen functionality - in the form of an easy-to-install firmware upgrade - on it's Latitude XT tablets.

Get the ChannelReg newsletters

Related Whitepapers

Solution Brief: Reduce Energy Costs
With Green IT Solutions
What Every E-Business Should Know about SSL Security and Consumer Trust
A Verisign Business Guide
Server Consolidation and Containment
With Virtual Infrastructure
SSL in High-Security Browsers
The Browser Security Revolution
Making Green IT a Reality
Customer Perspectives on the Impact of Storage Vendor Decisions on Power, Cooling, & Space in Enterprise Data Centers
How IT Management Can "Green" the Data Center
A Gartner Report

Top Stories