September 21, 2005 11:01 AM PDT

Fix in for Firefox bugs

Mozilla has released an update to Firefox to fix several serious security flaws, including a recently disclosed bug that could let attackers secretly run malicious software on PCs.

Firefox 1.0.7 was issued late Tuesday, a representative said. A new Mozilla Suite 1.7.12, containing the affected Mozilla Web browser and other tools, will follow by the end of the week.

The releases were expected. A week ago, Mozilla said it would deliver new versions of the open-source software to tackle a number of flaws.

"We're strongly recommending all users upgrade to the latest version," Chris Beard, head of products for Mozilla, said on Wednesday. The organization is not aware of any public exploits for the flaws fixed in the update, he said.

The primary reason for the updates is to patch a vulnerability that was disclosed two weeks ago and that affects all versions of the Firefox and Mozilla browsers, Beard said. The flaw lies in the way the applications handle International Domain Names, or IDNs, which are Web addresses that use international characters. Hackers have apparently been working to exploit the flaw, which could let attackers run code remotely on vulnerable computers.

The patched software also addresses a problem that affects only the Linux versions of Mozilla and Firefox--an issue only made public on Tuesday. The security hole lies in the way the browsers handle Web addresses from other applications and could let an intruder gain control over a PC, according to the French Security Incident Response Team, or FrSirt.

Firefox 1.0.7 is available on the Mozilla Web site and will be pushed out through the update feature in Firefox in the coming days, Beard said. People will have to download the full new browser. The next version of Firefox--release 1.5, due by the end of the year--will have a better patching mechanism that will let people download just the fixes, he said.

Firefox has risen in popularity in recent years as a viable alternative to Microsoft's Internet Explorer. Although its market share slipped slightly recently, researchers estimate that between 8 percent and 9 percent of the Internet population uses the open-source browser. Mozilla itself estimates that between 40 million and 50 million people use Firefox.

Security has been a main selling point for Firefox over Internet Explorer. However, Firefox has had its own security woes. Numerous serious holes in the browser have been plugged since its official release. Earlier this week, security company Symantec said more bugs have been found in Mozilla browsers than in IE in the first six months of 2005.

5 comments

Symantec did not say that.
Symantec said that Mozilla had ACKNOWLEDGED more bugs.
What the report didn't say was how long both Mozilla and
Microsoft took to individually patch problems. It took an average
from both, making it six days.

Everyone knows how biased a security report from Symantec, who
needs customers to keep using buggy, slowly patched software
like IE rather than securer, quickly patched software like Firefox
was written.

The spin was unbelievable, and your reporting of it on here,
completely one-sided, biased, and unforgivable.
Posted by Peej2K (40 comments )
Oh Paul, don't get your panties in a bind,
This is just another example of c|Net misquoting and misreporting. The story states "The patched software also addresses a problem that affects only the Linux versions... an issue only made public on Tuesday." Actually, FrSirt gives the release date as Sept 20, but the bug was filed with Mozilla on Sept 6. The day after FrSirt makes the vulnerability public, Mozilla releases a public version fix. But the problem was actually fixed on Sept 12.

Let's see Microsoft or Symantec address a problem with their software that fast.
Posted by Nathan Lunn (113 comments )
I downloaded the new version
and boy do I have troubles now. It won't respond, there's a big bar across the bottom of the browser and after uninstalling, running registry cleaners and reinstalling, I'm getting the same thing over and over again...I guess I'm going to have to try Opera
Posted by GoochieWoman (1 comment )