May 3, 2006 8:29 AM PDT

Firefox gets a fresh security update

Related Stories

Firefox to get phishing shield

March 8, 2006

Security update out for Firefox 1.5

February 2, 2006
Mozilla has issued a security update for its Firefox open-source browser, just weeks after it released a large fix to address several browser security flaws.

The Firefox 1.5.0.3 update is designed to address vulnerabilities in versions 1.5 through 1.5.0.2.

Malicious attackers could exploit the flaws to cause a denial-of-service attack, which in turn may allow them to take remote control of a user's system, according to an alert from security research company Secunia, which rates the flaw as "highly critical."

The flaws may be exploited when people attempt to engage a deleted component with designMode turned on. While this typically will crash the browser, it could also result in an attacker running malicious code, according to a Mozilla security advisory. Mozilla oversees the development of the Firefox browser.

The organization said it released the 1.5.0.3 version early to tackle the security issue. As a result, plans for a larger update will be bumped to version 1.8.0.4.

The latest security release follows one issued in mid-April. The 1.5.0.2 version was designed to address seven vulnerabilities, five of which were "critical" and could allow a malicious attacker to run code with virtually no user interaction.

See more CNET content tagged:
flaw, security update, attacker, Mozilla Corp., Firefox

10 comments

Join the conversation!
Add your comment
lucky me
firefox downloaded and installed the update within 5 minutes of it's being released. i love open-source programming....
Posted by Amazingant (146 comments )
Reply Link Flag
"...just weeks after..."
Wikipedia policies would call these "weasel words," because they imply something without being obvious. The implication is that Mozilla didn't get its act together the first time, and had to issue two patches.

But of course that's not a bad thing, it's a good thing. It's the openness of open-source at work. "With enough eyes, all bugs become shallow." The bugs are exposed and fixed at a rapid rate, not "security through obscurity" and then waiting for the next Service Pack release.

The reporter could have gotten a comment from someone talking about the development methodology in the Firefox project.
Posted by (54 comments )
Reply Link Flag
OTOH
Can't really remember many security downloads for Opera 8.
Posted by DryHeatDave (79 comments )
Link Flag
C|net, I believe 1.5.0.4 will follow 1.5.0.3
not 1.8.0.4. Just a thought.

From the article:

"The organization said it released the 1.5.0.3 version early to tackle the security issue. As a result, plans for a larger update will be bumped to version 1.8.0.4."
Posted by The_Nirvana (104 comments )
Reply Link Flag
Dont blame IE only
I am happy!

The ExplorerDestroyer campaigners note this: even FireFox browser is not secure and have got critical vulnerabilities.
It is not only IE, all will have to go through this. But they behave as if IE is the worst of all.
And mind that, people try to find MS-IE problems quicker as they want to target 70% of users, not mere 10%.
So even FireFox is no super-browser.

(Note: I use both of them, so it is not that I am biased. Just be fair.)
Posted by slaha11 (8 comments )
Reply Link Flag
Its how bugs are fixed...
I have used both too (and dabbled with Opera) ... its a matter of bugs are addressed and how quickly they are fixed. For now FF is 'miles' ahead on that score.
Posted by KsprayDad (375 comments )
Link Flag
who said firefox rox (it actaully does btw )
@slaha11

well well..nobody told firefox is the best browser...and the explorerdestroy campaigners were well aware of this fact..
what differentiates firefox from internet explorer is what ppl commented in the posts..

one goes like this "days after 1.5.0.2"
is that a matter of shame..certainly is not..
what would have microsoft done for the same issue..
if i am right..
and if you are not usin IE7..your IE would be IE6 datin back to some 2001..
go to about and see from (C)199*-2001 ? microsoft...

so what did microsoft do in all these years..
famous for their snaggness in bringin out security updates..who would prefer IE ?

firefox will be and should be targetted by malacious code wirters..but since our browser is an open source thing..we would come up with quick and effective workarounds..
its not a matter of shame for firefox users..rather it should be like this..

ppl somewhere in the world are keen in my security and it was only yest they fixed 'nother bug..

keep it up mozilla

btw..author is noway connected to mozilla.org..
yeah..i use firefox

cheers ppl.
have a nice day
Posted by jeffjose (1 comment )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.