Mozilla releases security updates

By Candace Lombardi on 26 February 2007

Tags: apple | browser | firefox | linux | mac | mozilla | open source | windows | flaw | fix

Mozilla Firefox 2

Mozilla has released updates to its Firefox browser and Thunderbird e-mail client for Windows, Mac and Linux users, the organisation announced on Friday.

"Due to the security fixes, we strongly recommend that all Firefox users upgrade to these latest releases," Mozilla said in a post on its development site.

"This update resolves the location.hostname vulnerability and other security and stability issues," Mike Schroepfer, vice president of engineering at Mozilla, said in a statement.

The location.hostname vulnerability that Schroepfer referred to was the Firefox cookie flaw discovered by Michal Zalewski, an "ethical hacker" from Poland.

In mid-February, Zalewski posted his proof-of-concept on a mailing list for other security experts. His note said that a flaw in Firefox could allow hackers to set or change cookies, permissions for Web site settings and passwords, for their own purposes. A fix for the high-impact flaw was made by Firefox developers last week.

This update includes the patch for that fix,as well as a fix for the critical level flaw involving memory corruption that can lead to crashes. That flaw left people using JavaScript in their mail -- a practice Mozilla "strongly discourages" -- open to attacks.

"Thanks to the work of our contributors we have been able to address these issues quickly in order to minimise the security risk to Firefox users," Schroepfer said.

The update is available in 37 languages from the GetFirefox.com and GetThunderbird.com Web sites for 1.5.0.10 versions of Firefox and Thunderbird, as well as Firefox 2.0.0.2. It is also scheduled to be available as of late Friday afternoon by clicking "Check for Updates..." in the Firefox Help menu.

Like this article? Click below to send it to your mobile for free!

Floyd Moortgat
25/06/2007 12:43 AM

I am very satisfied with Firefox

Report offensive content

  • Leave a comment

All fields marked with * are required

What do you think

Your e-mail will not be displayed

You must read and type the 6 chars within 0..9 and A..F

You must read and type the 6 chars.


  • Gmail gets colourful themes

  • Kevin Rudd joins Twitter

  • Gmail gets voice, video chat

  • Google, Telstra sign deal for Yellow Maps

  • Sensis kills its search, uses Google

  • Oi!: MTV Music is, like, the raddest thing ever

  • Britney arrives on Twitter

  • Oi!: An end to drunken, embarrassing emails?

  • Adobe Dreamweaver CS4

More articles »

Find the right software

Brand

    • Multiple options can be selected

    • Adobe Dreamweaver CS4

      Adobe Dreamweaver CS4

      Designers and editors who lean on Dreamweaver for complex dynamic websites will find plenty of tweaks and improvements in version 4.

    • Chrome (beta)

      Chrome (beta)

      Google has rethought the Internet browser — some of its basic underpinnings are quite novel — but users will recognise some features as they exist in other, open-source browsers on the market today.

    • Internet Explorer 8 Beta 2

      Internet Explorer 8 Beta 2

      Microsoft's release should retain its browser base but doesn't yet have enough to lure loyal Firefox users back to Internet Explorer.

    • MobileMe

      MobileMe

      MobileMe is the successor to .Mac, Apple's subscription service for publishing photos and other personal content to the Web.

    • Firefox 3

      Firefox 3

      If only for the speed, lightness of being and security alone, Firefox remains our Editors' Choice for best internet browser.

    More reviews »

    Membership benefits

    Contact community members

    Contact community members

    Add friends or tech gurus to you contacts and send them messages. Sign up for a free CNET Australia membership now!