Mozilla zaps Firefox security bugs

Summary:Mozilla has rolled out a major security update to fix a total of seven vulnerabilities in its flagship Firefox browser. The batch of patches apply to users of Firefox 1.5.0.10 and Firefox 2.0.0.2 (Windows, Mac, and Linux).

Mozilla has rolled out a major security update to fix a total of seven vulnerabilities in its flagship Firefox browser.

The batch of patches apply to users of Firefox 1.5.0.10 and Firefox 2.0.0.2 (Windows, Mac, and Linux) and are available as a free download at getfirefox.com.

"Due to the security fixes, we strongly recommend that all Firefox users upgrade to these latest releases," said Mike Schroepfer, vice president of engineering at Mozilla.

The patches will be released over the next 24 to 48 hours via the automatic update mechanism in Firefox 1.5.0.x an d Firefox 2.0.0.x. Starting later today, users can the upgrade from the "Check for Updates" feature in the Help menu.

Note: Support for Firefox 1.5.0.x ends on April 24, 2007. After that, Mozilla will no longer ship security and stability updates for older browser versions]

Today's update covers these seven security bugs:

  • MFSA 2007-07: Embedded nulls in location.hostname confuse same-domain checks
  • MFSA 2007-06: Mozilla Network Security Services (NSS) SSLv2 buffer overflow
  • MFSA 2007-05: XSS and local file access by opening blocked popups
  • MFSA 2007-04: Spoofing using custom cursor and CSS3 hotspot
  • MFSA 2007-03: Information disclosure through cache collisions
  • MFSA 2007-02: Improvements to help protect against Cross-Site Scripting attacks
  • MFSA 2007-01: Crashes with evidence of memory corruption (rv:1.8.0.10/1.8.1.2)
  • Also see: Is the the month of Firefox bugs?

    Topics: Browser

    About

    Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

    zdnet_core.socialButton.googleLabel Contact Disclosure

    Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

    Related Stories

    The best of ZDNet, delivered

    You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
    Subscription failed.