Firefox gets a fresh security update

Mozilla has issued a security update for its Firefox open-source browser, just weeks after it released a large fix to address several browser security flaws.

The Firefox 1.5.0.3 update is designed to address vulnerabilities in versions 1.5 through 1.5.0.2.

Malicious attackers could exploit the flaws to cause a denial-of-service attack, which in turn may allow them to take remote control of a user's system, according to an alert from security research company Secunia, which rates the flaw as "highly critical."

The flaws may be exploited when people attempt to engage a deleted component with designMode turned on. While this typically will crash the browser, it could also result in an attacker running malicious code, according to a Mozilla security advisory. Mozilla oversees the development of the Firefox browser.

The organization said it released the 1.5.0.3 version early to tackle the security issue. As a result, plans for a larger update will be bumped to version 1.8.0.4.

The latest security release follows one issued in mid-April. The 1.5.0.2 version was designed to address seven vulnerabilities, five of which were "critical" and could allow a malicious attacker to run code with virtually no user interaction.

[Amazingant]

lucky me

firefox downloaded and installed the update within 5 minutes of it's being released. i love open-source programming....

"...just weeks after..."

Wikipedia policies would call these "weasel words," because they imply something without being obvious. The implication is that Mozilla didn't get its act together the first time, and had to issue two patches.

But of course that's not a bad thing, it's a good thing. It's the openness of open-source at work. "With enough eyes, all bugs become shallow." The bugs are exposed and fixed at a rapid rate, not "security through obscurity" and then waiting for the next Service Pack release.

The reporter could have gotten a comment from someone talking about the development methodology in the Firefox project.

[The_Nirvana]

C|net, I believe 1.5.0.4 will follow 1.5.0.3

not 1.8.0.4. Just a thought.

From the article:

"The organization said it released the 1.5.0.3 version early to tackle the security issue. As a result, plans for a larger update will be bumped to version 1.8.0.4."

[slaha11]

Dont blame IE only

I am happy!

The ExplorerDestroyer campaigners note this: even FireFox browser is not secure and have got critical vulnerabilities.
It is not only IE, all will have to go through this. But they behave as if IE is the worst of all.
And mind that, people try to find MS-IE problems quicker as they want to target 70% of users, not mere 10%.
So even FireFox is no super-browser.

(Note: I use both of them, so it is not that I am biased. Just be fair.)

[jeffjose]

who said firefox rox (it actaully does btw )

@slaha11

well well..nobody told firefox is the best browser...and the explorerdestroy campaigners were well aware of this fact..
what differentiates firefox from internet explorer is what ppl commented in the posts..

one goes like this "days after 1.5.0.2"
is that a matter of shame..certainly is not..
what would have microsoft done for the same issue..
if i am right..
and if you are not usin IE7..your IE would be IE6 datin back to some 2001..
go to about and see from (C)199*-2001 ? microsoft...

so what did microsoft do in all these years..
famous for their snaggness in bringin out security updates..who would prefer IE ?

firefox will be and should be targetted by malacious code wirters..but since our browser is an open source thing..we would come up with quick and effective workarounds..
its not a matter of shame for firefox users..rather it should be like this..

ppl somewhere in the world are keen in my security and it was only yest they fixed 'nother bug..

keep it up mozilla

btw..author is noway connected to mozilla.org..
yeah..i use firefox

cheers ppl.
have a nice day