Mozilla: Patch Firefox now

Mozilla: Patch Firefox now

Summary: Eight vulnerabilities in the popular open-source browser have been fixed, of which five were rated 'critical'

TOPICS: Security

Firefox users have been urged to update their browser immediately after Mozilla, the organisation behind the popular browser, said it had fixed eight vulnerabilities in Firefox 2.0.

Mozilla said five of the eight vulnerabilities were 'critical', meaning an attacker could exploit the weaknesses to run malicious code on the compromised machine. Seven vulnerability updates have been issued for the previous version of Firefox, version 1.5, of which five are rated as critical. Mozilla also urged users of its Thunderbird email application to download several security updates.

The updated version was made available on Tuesday evening. It can be downloaded from Mozilla's website. Firefox users who have set their browser to receive automatic updates will be notified or sent the update, depending on their preferences.

The updates to Firefox 2.0 are the first since its release in late October. They cover flaws in memory corruption, and the way the browser executes RSS, Javascript and CSS code.

Version 1.5 has already seen a whole raft of updates, including the patching of other critical vulnerabilities in November.

According to Mozilla developers, the Firefox updates will work with Vista, which was released to businesses three weeks ago.

Security research organisation Secunia rated the Mozilla flaws as 'highly critical' and described the threats in detail on its site.

Tristan Nitot, president of Mozilla Europe, confirmed that Mozilla plans to drop support for Firefox 1.5 on 24 April, 2007, not October 2007 as previously reported. "We are consistent with our approach, which is to support a version, in this case 1.5.0.x, for six months after the following version, in this case Firefox 2," Nitot said.

Topic: Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


1 comment
Log in or register to join the discussion
  • FF auto updated

    Haven't missed a patch since the automatic updates were added, and with FF now enabled to allow major version updates along side minor version updates, the Mozilla team have the patch-roll outs in check to keep everyone happy.