Mozilla fixes critical Firefox bugs

The Mozilla Foundation has patched two “extremely critical” security holes in its Firefox browser that were reported earlier this week. The flaws have been patched in a Firefox 1.0.4 release, which was posted to the Mozilla.org Web site late Wednesday.

When used in tandem, the two bugs could be used by an attacker to take control of the Firefox user’s system, by exploiting the way Firefox handles software installations from certain trusted Web sites. Firefox automatically allows software to be installed from update.mozilla.org and addons.mozilla.org, but users who want to add software from other Web sites can add to this trusted list.

Earlier this week, The Mozilla Foundation made changes to Mozilla.org, which protected most users. But Web surfers who had added other Web sites to their trusted list were still vulnerable, said Chris Hofmann director of engineering with The Mozilla Foundation.

Danish security firm Secunia has rated the exploit as “extremely critical,” marking the first time a flaw in the open-source browser had received its most serious security rating.

Firefox has gained market share against Microsoft Corp.’s Internet Explorer over the past year, in part because it has been considered less vulnerable to attacks. Since the Firefox 1.0 release last November, however, a number of vulnerabilities have been discovered in the browser.

The Mozilla Foundation reports nearly 54 million Firefox downloads since the 1.0 release. Firefox has 6.8 percent of the browser market, according to WebSideStory Inc. But Internet Explorer is still used by nearly 89 percent of Web surfers, according to the research firm.

The 1.0.4 update also fixes two other minor security bugs as well as the way Firefox handles DHTML (dynamic Hypertext Markup Language), said Hofmann. The DHTML bug caused “uncaught exception” errors to pop up on some Web pages in the 1.0.3 version of the browser.

More information on the new Firefox release can be found at this site http://www.mozilla.org/products/firefox/releases/1.0.4.html

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now