Firefox update patches security holes

Mozilla has sent out an update to Firefox, designed to address seven security flaws in the open-source Web browser.

Firefox 1.5.0.7, released Thursday, tackles a problem that lets outsiders run code remotely and aims to improve the product's stability.

Of the seven vulnerabilities fixed, four are rated "critical" by Mozilla. The new browser version addresses the circumvention of security via an RSA signature forgery flaw, as well as cross-site scripting vulnerabilities. In addition, it patches a JavaScript regular expression heap corruption issue and a memory corruption issue that could lead to the execution of code.

While the update addressed four critical flaws, it was less extensive than one released in July that contained fixes for seven flaws.

The release of Firefox 1.5.0.7 comes alongside the online publication of exploits to attack Microsoft's Internet Explorer. The 5.01 and 6 versions of the Web browser, running on all current versions of the Windows operating system, are affected.

[ejevo]

So why hasn't FF alerted me?

FF can be a great browser, but I keep finding glitches that drag it back down to the level of IE, albeit not nearly as bad from a security standpoint, but not such that it can crow about its features, either.

Why does it take days before FF alerts to the fact that it has an update available? I should be finding out about updates available from the update feature, not from reading about them in the press a day after they've been released.

[Lindy01]

OMG!!!!!!!!!!!!!!!!!!

Ditch FF and got to IE!!!!!!!!!!!!!!!! What shody, horrible open source JUNK!!!!!!!!!!!!!!!!!!

Stop the open source movement its run by Terror groups and they greatly contribute to global warming, and the third world starving!!!!!!!!!!!

Seriously...software is complicated and made by humans and will have bugs....whether its from MS or anyone else.

Compare the comments on this article to the other one today where IE had a new bug....it was a CNET, liberal, commie, MS Bash Fest!

[sportav]

Bookmarks bug

The bug on my XT box at work (Ugh) locks up the program when you simply hover over the bookmarks menu. Also, news videos on CNN and MSNBC do not run.

[mjm01010101]

CNN videos don't even work for me in IE, never have

CNN videos don't even work for me in IE, never have

As for MSN, you must use IE for that.

Just go elsewhere for your videos, not like there isn't a plethora of sites that DO work.

[lucifinil]

Share police stories and news

Share police stories and news

Check the news from police.vost.com

military friends, military networking military network, military
social, finding friends, blogs, blogging, group, forum, military community,
search people, message, military photo, military image, love, dating,
sex, make love, friends, gun, fire, tank, air, navy seals, troop, kill,
war. 14

[lucifinil]

Share police stories and news

Share police stories and news

Check the news from police.vost.com

military friends, military networking military network, military
social, finding friends, blogs, blogging, group, forum, military community,
search people, message, military photo, military image, love, dating,
sex, make love, friends, gun, fire, tank, air, navy seals, troop, kill,
war. 39

[aSiriusTHoTH]

bulky, crashy, trashy...

I don't know about anyone else but for me FF has started to become bulky, crashy, and trashy. I can open up 4 - 5 tabs and easily see FF using over 150MB of ram and even higher. It will slow my computer down and eventually crash. This is across a network of 30+ computers.

Is it really time to start using Opera on our network?????

[aSiriusTHoTH]

moron

Stick to the story and get off the liberal/commie crap. I tend to lean to the left a bit and I don't like IE. Jumping to the politics right away, is just stupid.. its about FireFox.. not any moronic conclusions you have... get over it!

[gefitz]

When's Auto-Update WITHOUT USER INPUT coming?

When's Firefox going to come with functionality to automatically update Firefox WITHOUT USER INPUT? Am I missing that, or is it really not possible?

I'd love to get Firefox onto my corporate desktops, but trusting users to apply updates when they are available is simply NOT an option...