Mozilla Updates For Security

    April 16, 2005

To address security vulnerabilities, the Mozilla Foundation has put out new versions of Firefox and the Mozilla suite of programs.

The Mozilla Foundation is keeping its promise of not realeasing any new major versions of the software but continuing to release security updates.

According to an eWeek article,

“The vulnerabilities addressed by the new versions include three critical bugs in Firefox, two of which are also present in Mozilla. All seven vulnerabilities addressed in the Mozilla fix are also present in the Firefox upgrade, which also contains two fixes specific to it. No changes were announced in the Thunderbird mail client.

The three critical fixes involve two cases of arbitrary code execution and one of privilege escalation. In the first, an error in the support for “favicons” could allow a script to run with elevated privileges and install or run malicious software. The second, specific to Firefox, allows malicious scripts to open a privileged page in the sidebar and then inject script that can be used to install malicious code or steal data.

The third bug appears to involve UI code executing user scripts in an inappropriately privileged fashion. Mozilla is withholding further details on this bug until April 25. “

The new updates are the third major set since late February.

WebProNews | Breaking eBusiness News
Your source for investigative ebusiness reporting and breaking news.