February 23, 2007 2:16 PM PST

Mozilla releases security updates

Related Stories

Microsoft, Mozilla look into browser flaws

February 16, 2007

Two flaws found in Firefox

February 7, 2007

Firefox update patches security holes

September 15, 2006
Mozilla has released updates to its Firefox browser and Thunderbird e-mail client for Windows, Mac and Linux users, the organization announced Friday.

"Due to the security fixes, we strongly recommend that all Firefox users upgrade to these latest releases," Mozilla said in a post on its development site.

"This update resolves the location.hostname vulnerability and other security and stability issues," Mike Schroepfer, vice president of engineering at Mozilla, said in a statement.

The location.hostname vulnerability that Schroepfer referred to was the Firefox cookie flaw discovered by Michal Zalewski, an "ethical hacker" from Poland.

In mid-February, Zalewski posted his proof-of-concept on a mailing list for other security experts. His note said that a flaw in Firefox could allow hackers to set or change cookies, permissions for Web site settings and passwords, for their own purposes. A fix for the high-impact flaw was made by Firefox developers last week.

This update includes the patch for that fix, as well as a fix for the critical level flaw involving memory corruption that can lead to crashes. That flaw left people using JavaScript in their mail--a practice Mozilla "strongly discourages"--open to attacks.

"Thanks to the work of our contributors we have been able to address these issues quickly in order to minimize the security risk to Firefox users," Schroepfer said.

The update is available in 37 languages from the GetFirefox.com and GetThunderbird.com Web sites for 1.5.0.10 versions of Firefox and Thunderbird, as well as Firefox 2.0.0.2. It is also scheduled to be available as of late Friday afternoon by clicking "Check for Updates..." in the Firefox Help menu.

See more CNET content tagged:
flaw, Mozilla Corp., Firefox, Mozilla Thunderbird, security

 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.