Saturday, February 24, 2007

Mozilla Fixes Firefox Bugs

Mozilla Corp. has released an update to its Firefox browser, fixing a number of security flaws in the product.

The Firefox 2.0.0.2 release includes a fix for a bug disclosed by security researcher Michal Zalewsky last week. That flaw can be exploited by attackers to manipulate cookie information in the Firefox browser, making it probably the most important fix in the update, according to Window Snyder, Mozilla's head of security strategy.

"The potential to compromise a user's account is almost as serious as compromising their machine," she said Friday via instant message. "Since the details of how to exploit the vulnerability are publicly available the risk to users is increased."

The updates also include a fix for a previously undisclosed memory corruption flaw in the browser that could be exploited to run unauthorized software on a Firefox user's computer.

This flaw could also affect Thunderbird users who have configured their mail client to run JavaScript automatically, something that Mozilla does not recommend. Thunderbird is Mozilla's free e-mail client.

The patches were released on Friday afternoon and should soon be delivered via Firefox's automatic software update mechanism, Snyder said.

Mozilla has patched a total of seven Firefox bugs and is also addressing two bugs in Thunderbird.

The latest browser release also includes enhancements to make it run better with Windows Vista as well as support for the Afrikaans, Belarusian, Georgian and Kurdish languages.

No comments: