Latest Mozilla releases fix 10 security flaws

The latest releases of the Mozilla and Firefox browsers, along with the Thunderbird e-mail software, fix 10 security issues, including three critical vulnerabilities, according to the Mozilla Foundation, which develops the software.

The three critical flaws could let an attacker run code on the victim's computer, according to information published by the Mozilla Foundation on Tuesday. The vulnerabilities are caused by the improper handling of electronic business cards, known as vCards; overly large images in the bit map (BMP) format; and links that have host names using nonprintable characters.

The issues are fixed in the latest versions of the Mozilla Foundation's open-source software products: Mozilla 1.7.3, Firefox release candidate 1.0 and Thunderbird 0.8.

Security information provider Secunia gave the set of 10 holes a "highly critical" rating, its second-highest grade for Internet threats.

The plethora of new security issues comes a month after the Mozilla Foundation started offering money to researchers who found verifiable security problems in the browser. On Tuesday, the open-source group released its latest version of its software packages.

The Firefox browser in particular has benefited from the perception that its rival, Microsoft's Internet Explorer, suffers from security problems. A flaw revealed yesterday by Microsoft could put users of Internet Explorer at risk of having their PCs compromised by malicious Web sites.

[Jonathan]

Patch Score: FireFox 10......Microsoft god only knows.

OK so obviously it more then ten since the first release of Phoenix but in this game I think MS is scoring more holes then Mozilla by a long shot. I mean for the love of god I do not believe there has been a single month in the last few years where MS hasn't release some form of security patch for IE.

So when FireFox starts getting monthly security patches that fix 10 problems at a time then we can compare it to Internet Exploder. As it stands this is nothing more then another smear tactic MS is pulling out of its bag of tricks. news.com = Fox News = Propaganda machine that masquerades as a legit news site. Fair and balanced my ***.

Oh and one other note. This is BETA software. Beta. Yah know. Software that isn't ready for mass release. Comparing FireFox to IE is like comparing Beta Windows XP software to Windows 2000 w/ SP2: A BS comparison. Mozilla may be pushing it as release software but in reality it's going to be a while before its ready for prime time.

[rembspam]

ONLY 3 are critical NOT 10

The Ssecunia webpage makes no differentation in their main page. But when studying the details of each there are only 3 REAL problems instead of 10.

The Mozzila webpage tells indeed 3 are very critical.

There will be more to come and I'm not suprised by that. But is always better than using ActiveX controls because they are security holes by default due to their design. This is why SP2 disables them!!!! MS endorsed us to develop for the IE using ActiveX controls, now they shut it down and say hey, you can use it but only on a trusted site. And as you and I know...... there are just a few trusted sites we use normaly since the unknown is always non-trusted.

But they use ActiveX on so many pages...... and now I can't browse without annoying messages of the IE since I disabled ActiveX.

pfffffhhhhh thanks a lot Microsoft. I stick with Firefox.

BTW: MS encountred 52 IE patches within 1 year!!!!! That is ONCE A WEEK!!!

Since Mozzile that started 3 years ago. We have 10 from which 3 are very seriously. What a BIG difference!!!

[David Arbogast]

zero difference

1 vulnerability or 100 doesn't matter once you've been compromised. It is ridiculous to point to every bug in every product and say "its still better than Microsoft." Time to wake up and realize that almost all software contains bugs. The advantage goes to the company that works hardest to resolve security issues.