September 15, 2006 12:54 PM PDT

Firefox update patches security holes

Mozilla has sent out an update to Firefox, designed to address seven security flaws in the open-source Web browser.

Firefox 1.5.0.7, released Thursday, tackles a problem that lets outsiders run code remotely and aims to improve the product's stability.

Of the seven vulnerabilities fixed, four are rated "critical" by Mozilla. The new browser version addresses the circumvention of security via an RSA signature forgery flaw, as well as cross-site scripting vulnerabilities. In addition, it patches a JavaScript regular expression heap corruption issue and a memory corruption issue that could lead to the execution of code.

While the update addressed four critical flaws, it was less extensive than one released in July that contained fixes for seven flaws.

The release of Firefox 1.5.0.7 comes alongside the online publication of exploits to attack Microsoft's Internet Explorer. The 5.01 and 6 versions of the Web browser, running on all current versions of the Windows operating system, are affected.


15 comments

So why hasn't FF alerted me?
FF can be a great browser, but I keep finding glitches that drag it back down to the level of IE, albeit not nearly as bad from a security standpoint, but not such that it can crow about its features, either.

Why does it take days before FF alerts to the fact that it has an update available? I should be finding out about updates available from the update feature, not from reading about them in the press a day after they've been released.
Posted by ejevo (134 comments )
Worked for me.
Mine downloaded and installed the upgrade last night. For me it's usually only a day before the update comes in.
Posted by System Tyrant (1453 comments )
some things to check ...
If FF isn't updating itself for you, you can set it to do so. Confirm
the following settings:

Tools -> Options -> Advanced -> Update

1. Double-check that the checkbox next to Firefox is checked
(otherwise it's not looking for updates:)). I also have the others
checked as well ("Installed Extensions and Themes" as well as
"Search Engines").

2. Check the radio button next to either "Ask me what I want to
do" or "Automatically download and install update" for "When
updates to Firefox are found", depending on your preference (I
have mine to "Automatically download and install update", but
you might not want things happening behind your back :)).

3. Remember it's not likely to update itself unless it's running -
in other words if you haven't used FF over the last week (or only
used it for a few minutes at a time and then quit the program)
it's probably not tried to update itself yet, but should (silently)
do so when you fire it up. Also, consider what would happen to
Mozilla if all FF copies in the world hit their server
simultaneously. I'm sure they've mitigated against this by having
each copy pick a random day or time to check for updates, so
even if you have had it running 24/7 for the last month it might
not have "been its time" yet.

Of course if you don't want to wait, you can "force" an update
anytime through the help menu.

Is FF the perfect browser? LOL. Software isn't perfect, that's a
simple fact of life. What's good about FF (besides being open
source and all that good stuff) is it isn't integrated perversely
with the OS like some other crapware browsers out there (yeah,
you KNOW what I'm talking about!). Oh, it tends to get fixed
faster too.
Posted by Dalkorian (3000 comments )
Strange
I got the update notice Thursday around 9:30pm EST and had no idea it was coming out. That's why I love FF. Very quick to respond and get the patches out. IE you have to wait for patch Tuesday and for Microsoft Update to push it down to your PC. FF completely automatic!
Posted by SeizeCTRL (1333 comments )
Mine updated automatically
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.7) Gecko/20060913 Fedora/1.5.0.7-1.fc5 Firefox/1.5.0.7 pango-text

It nicely informed me as soon as I had shut it off and re-started it today (shrug).
Posted by Penguinisto (5042 comments )
OMG!!!!!!!!!!!!!!!!!!
Ditch FF and go to IE!!!!!!!!!!!!!!!! What shoddy, horrible open source JUNK!!!!!!!!!!!!!!!!!!

Stop the open source movement it's run by Terror groups and they greatly contribute to global warming, and the third world starving!!!!!!!!!!!

Seriously...software is complicated and made by humans and will have bugs....whether it's from MS or anyone else.

Compare the comments on this article to the other one today where IE had a new bug....it was a CNET, liberal, commie, MS Bash Fest!
Posted by Lindy01 (443 comments )
Bookmarks bug
The bug on my XT box at work (Ugh) locks up the program when you simply hover over the bookmarks menu. Also, news videos on CNN and MSNBC do not run.
Posted by sportav (25 comments )
CNN videos don't even work for me in IE, never have

As for MSN, you must use IE for that.

Just go elsewhere for your videos, not like there isn't a plethora of sites that DO work.
Posted by mjm01010101 (126 comments )
Huh?
Looks like you posted under the wrong article. This article doesn't have anything to do with CNN, videos, or Internet Explorer.
Posted by groink_hi (380 comments )
What???
I just played this one in IE and it worked:

http://www.cnn.com/video/player/player.html?url=/video/us/2006/09/18/sot.mo.missing.baby.grandparents.ksdk&wm=11

The video is in WMV format... It's not possible that it won't play in IE
Posted by cary1 (924 comments )
bulky, crashy, trashy...
I don't know about anyone else but for me FF has started to become bulky, crashy, and trashy. I can open up 4 - 5 tabs and easily see FF using over 150MB of ram and even higher. It will slow my computer down and eventually crash. This is across a network of 30+ computers.

Is it really time to start using Opera on our network?????
Posted by aSiriusTHoTH (176 comments )
moron
Stick to the story and get off the liberal/commie crap. I tend to lean to the left a bit and I don't like IE. Jumping to the politics right away is just stupid.. it's about FireFox.. not any moronic conclusions you have... get over it!
Posted by aSiriusTHoTH (176 comments )
When's Auto-Update WITHOUT USER INPUT coming?
When's Firefox going to come with functionality to automatically update Firefox WITHOUT USER INPUT? Am I missing that, or is it really not possible?

I'd love to get Firefox onto my corporate desktops, but trusting users to apply updates when they are available is simply NOT an option...
Posted by gefitz (1116 comments )