Mozilla zaps Firefox security bugs

Summary: Mozilla has rolled out a major security update to fix a total of seven vulnerabilities in its flagship Firefox browser. The batch of patches applies to users of Firefox 1.5.0.10 and Firefox 2.0.0.2 (Windows, Mac, and Linux).

Mozilla has rolled out a major security update to fix a total of seven vulnerabilities in its flagship Firefox browser.

The batch of patches applies to users of Firefox 1.5.0.10 and Firefox 2.0.0.2 (Windows, Mac, and Linux) and is available as a free download at getfirefox.com.

"Due to the security fixes, we strongly recommend that all Firefox users upgrade to these latest releases," said Mike Schroepfer, vice president of engineering at Mozilla.

The patches will be released over the next 24 to 48 hours via the automatic update mechanism in Firefox 1.5.0.x and Firefox 2.0.0.x. Starting later today, users can get the upgrade from the "Check for Updates" feature in the Help menu.

[Note: Support for Firefox 1.5.0.x ends on April 24, 2007. After that, Mozilla will no longer ship security and stability updates for older browser versions.]

Today's update covers these seven security bugs:

  • MFSA 2007-07: Embedded nulls in location.hostname confuse same-domain checks
  • MFSA 2007-06: Mozilla Network Security Services (NSS) SSLv2 buffer overflow
  • MFSA 2007-05: XSS and local file access by opening blocked popups
  • MFSA 2007-04: Spoofing using custom cursor and CSS3 hotspot
  • MFSA 2007-03: Information disclosure through cache collisions
  • MFSA 2007-02: Improvements to help protect against Cross-Site Scripting attacks
  • MFSA 2007-01: Crashes with evidence of memory corruption (rv:1.8.0.10/1.8.1.2)

  • Also see: Is this the month of Firefox bugs?

    Talkback

    • Well that didn't take long!

      ]:)
      Linux User 147560
      • Indeed. I turned on the PC this morning and it auto installed.

        ;-)
        bportlock
      • I agree, it didn't take long for them to drop 1.5 support

        April 24th?! Could you imagine the outcry if MS stopped supporting IE6 that soon after IE7 was released?
        PB_z