The Channel logo

News

By | Kelly Fiveash 27th March 2008 11:56

Mozilla plugs 10 security holes in Firefox

Thunderbird not go with latest updates

Mozilla coughed its latest Firefox update this week and patched ten flaws – five of which were critical vulnerabilities – in the latest version of its browser.

The firm said it strongly recommended that Firefox fanciers upgrade to version 2.0.0.13 because of the number of security fixes built into the latest update.

Critical flaws that have now been patched in the Internet Explorer rival include a brace of exploits that could crash Firefox or its JavaScript engine and cause an arbitrary code execution.

The update, which applies to Windows, Mac and Linux-based machines, was pushed out automatically by Mozilla earlier this week.

Other vulnerabilities that have now been patched include a privacy issue with SSL client authentication, an HTTP referrer spoofing bug and a fix for a Java socket connection to any local port via LiveConnect.

However, the firm has not built the fixes into the latest version of its mail client Thunderbird, even though it shares five of the flaws. Mozilla’s David Ascher said on his blog last week that patches will not be available for “several weeks”.

In the meantime the firm advised the following: "Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail.

"This is not the default setting, and we strongly discourage users from running JavaScript in mail." ®

comment icon Read 50 comments on this article alert Send corrections

Opinion

Chris Mellor

Drives nails forged with Red Hat iron into VCE's coffin
Sleep Cycle iOS app screenshot

Trevor Pott

Forget big-spending globo biz: it's about the consumer... and he's desperate for a nap
Steve Bennet, ex-Symantec CEO

Chris Mellor

Enormo security firm needs to get serious about acquisitions

Features

Windows 8.1 Update  Storeapps Taskbar
Chinese Buffet self-service
Chopping down the phone tree to scrump low-hanging fruit
An original member of the System/360 family announced in 1964, the Model 50 was the most powerful unit in the medium price range.
Big Blue's big $5bn bet adjusted, modified, reduced, back for more
Microsoft CEO Satya Nadella
Redmond needs to discover the mathematics of trust