Firefox update patches security holes

Mozilla has sent out an update to Firefox, designed to address seven security flaws in the open-source Web browser.

Firefox 1.5.0.7, released Thursday, tackles a problem that lets outsiders run code remotely and aims to improve the product's stability.

Of the seven vulnerabilities fixed, four are rated "critical" by Mozilla. The new browser version addresses the circumvention of security via an RSA signature forgery flaw, as well as cross-site scripting vulnerabilities. In addition, it patches a JavaScript regular expression heap corruption issue and a memory corruption issue that could lead to the execution of code.

While the update addressed four critical flaws, it was less extensive than one released in July that contained fixes for seven flaws.

The release of Firefox 1.5.0.7 comes alongside the online publication of exploits to attack Microsoft's Internet Explorer. The 5.01 and 6 versions of the Web browser, running on all current versions of the Windows operating system, are affected.

[ejevo]

So why hasn't FF alerted me?

FF can be a great browser, but I keep finding glitches that drag it back down to the level of IE, albeit not nearly as bad from a security standpoint, but not such that it can crow about its features, either.<br /><br />Why does it take days before FF alerts to the fact that it has an update available? I should be finding out about updates available from the update feature, not from reading about them in the press a day after they've been released.

[System Tyrant]

Worked for me.

Mine downloaded and installed the upgrade last night. For me it's usually only a day before the update comes in.

[Dalkorian]

some things to check ...

If FF isn't updating itself for you, you can set it to do so. Confirm <br />the following settings:<br /><br />Tools -&gt; Options -&gt; Advanced -&gt;Update<br /><br />1. Double-check that the checkbox next to Firefox is checked <br />(otherwise it's not looking for updates:)). I also have the others <br />checked as well ("Installed Extensions and Themes" as well as <br />"Search Engines").<br /><br />2. Check the radio button next to either "Ask me what I want to <br />do" or "Automatically download and install update" for "When <br />updates to Firefox are found", depending on your preference (I <br />have mine to "Automatically download and install update", but <br />you might not want things happening behind your back :)).<br /><br />3. Remember it's not likely to update itself unless it's running - <br />in other words if you haven't used FF over the last week (or only <br />used it for a few minutes at a time and then quit the program) <br />it's probably not tried to update itself yet, but should (silently) <br />do so when you fire it up. Also, consider what would happen to <br />Mozilla if all FF copies in the world hit their server <br />simutaneously. I'm sure they've mitigated against this by having <br />each copy pick a random day or time to check for updates, so <br />even if you have had it running 24/7 for the last month it might <br />not have "been it's time" yet.<br /><br />Of course if you don't want to wait, you can "force" an update <br />anytime through the help menu.<br /><br />Is FF the perfect browser? LOL. Software isn't perfect, that's a <br />simple fact of life. What's good about FF (besides being open <br />source and all that good stuff) is it isn't integrated perversely <br />with the OS like some other crapware browsers out there (yeah, <br />you KNOW what I'm talking about!). Oh, it tends to get fixed <br />faster too.

[SeizeCTRL]

Strange

I got the update notice Thursday around 9:30pm EST and had no idea it was coming out. That's why I love FF. Very quick to respond and get the patches out. IE you have to wait for patch Tuesday and for Microsoft Update to push it down to your PC. FF completely automatic!

[Penguinisto]

Mine updated automatically

Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.7) Gecko/20060913 Fedora/1.5.0.7-1.fc5 Firefox/1.5.0.7 pango-text<br /><br />It nicely informed me as soon as I had shut it off and re-started it today (shrug).

[Lindy01]

OMG!!!!!!!!!!!!!!!!!!

Ditch FF and got to IE!!!!!!!!!!!!!!!! What shody, horrible open source JUNK!!!!!!!!!!!!!!!!!!<br /><br />Stop the open source movement its run by Terror groups and they greatly contribute to global warming, and the third world starving!!!!!!!!!!!<br /><br />Seriously...software is complicated and made by humans and will have bugs....whether its from MS or anyone else.<br /><br />Compare the comments on this article to the other one today where IE had a new bug....it was a CNET, liberal, commie, MS Bash Fest!

[sportav]

Bookmarks bug

The bug on my XT box at work (Ugh) locks up the program when you simply hover over the bookmarks menu. Also, news videos on CNN and MSNBC do not run.

[mjm01010101]

CNN videos don't even work for me in IE, never have

CNN videos don't even work for me in IE, never have<br /><br />As for MSN, you must use IE for that.<br /><br />Just go elsewhere for your videos, not like there isn't a plethora of sites that DO work.

[groink_hi]

Huh?

Looks like you posted under the wrong article. This article doesn't have anything to do with CNN, videos, or Internet Explorer.

[cary1]

What???

I just played this one in IE and it worked:<br /><br /><a class="jive-link-external" href="http://www.cnn.com/video/player/player.html?url=/video/us/2006/09/18/sot.mo.missing.baby.grandparents.ksdk&#38;wm=11" target="_newWindow">http://www.cnn.com/video/player/player.html?url=/video/us/2006/09/18/sot.mo.missing.baby.grandparents.ksdk&#38;wm=11</a><br /><br />The video is in WMV format... It's not possible that it won't play in IE

[lucifinil]

Share police stories and news

Share police stories and news<br /><br />Check the news from police.vost.com<br /><br />military friends, military networking military network, military <br />social, finding friends, blogs, blogging, group, forum, military community, <br />search people, message, military photo, military image, love, dating, <br />sex, make love, friends, gun, fire, tank, air, navy seals, troop, kill, <br />war. 14

[lucifinil]

Share police stories and news

Share police stories and news<br /><br />Check the news from police.vost.com<br /><br />military friends, military networking military network, military <br />social, finding friends, blogs, blogging, group, forum, military community, <br />search people, message, military photo, military image, love, dating, <br />sex, make love, friends, gun, fire, tank, air, navy seals, troop, kill, <br />war. 39

[aSiriusTHoTH]

bulky, crashy, trashy...

I don't know about anyone else but for me FF has started to become bulky, crashy, and trashy. I can open up 4 - 5 tabs and easily see FF using over 150MB of ram and even higher. It will slow my computer down and eventually crash. This is across a network of 30+ computers.<br /><br />Is it really time to start using Opera on our network?????

[aSiriusTHoTH]

moron

Stick to the story and get off the liberal/commie crap. I tend to lean to the left a bit and I don't like IE. Jumping to the politics right away, is just stupid.. its about FireFox.. not any moronic conclusions you have... get over it!

[gefitz]

When's Auto-Update WITHOUT USER INPUT coming?

When's Firefox going to come with functionality to automatically update Firefox WITHOUT USER INPUT? Am I missing that, or is it really not possible?<br /><br />I'd love to get Firefox onto my corporate desktops, but trusting users to apply updates when they are available is simply NOT an option...