Mozilla zaps Firefox security bugs

Mozilla has rolled out a major security update to fix a total of seven vulnerabilities in its flagship Firefox browser.

The batch of patches applies to users of Firefox 1.5.0.10 and Firefox 2.0.0.2 (Windows, Mac, and Linux) and is available as a free download at getfirefox.com.

"Due to the security fixes, we strongly recommend that all Firefox users upgrade to these latest releases," said Mike Schroepfer, vice president of engineering at Mozilla.

The patches will be released over the next 24 to 48 hours via the automatic update mechanism in Firefox 1.5.0.x and Firefox 2.0.0.x. Starting later today, users can get the upgrade from the "Check for Updates" feature in the Help menu.

Note: Support for Firefox 1.5.0.x ends on April 24, 2007. After that, Mozilla will no longer ship security and stability updates for older browser versions.

Today's update covers these seven security bugs:

  • MFSA 2007-07: Embedded nulls in location.hostname confuse same-domain checks
  • MFSA 2007-06: Mozilla Network Security Services (NSS) SSLv2 buffer overflow
  • MFSA 2007-05: XSS and local file access by opening blocked popups
  • MFSA 2007-04: Spoofing using custom cursor and CSS3 hotspot
  • MFSA 2007-03: Information disclosure through cache collisions
  • MFSA 2007-02: Improvements to help protect against Cross-Site Scripting attacks
  • MFSA 2007-01: Crashes with evidence of memory corruption (rv:1.8.0.10/1.8.1.2)

Also see: Is this the month of Firefox bugs?