• On GameSpot: Wii Fit tells 10-year-old she's fat
advertisementAT&T Tech Support 360

February 23, 2007 2:16 PM PST

Mozilla releases security updates

By Candace Lombardi
Staff Writer, CNET News

Related Stories

Microsoft, Mozilla look into browser flaws

 February 16, 2007

Two flaws found in Firefox

 February 7, 2007

Firefox update patches security holes

 September 15, 2006
Mozilla has released updates to its Firefox browser and Thunderbird e-mail client for Windows, Mac and Linux users, the organization announced Friday.

"Due to the security fixes, we strongly recommend that all Firefox users upgrade to these latest releases," Mozilla said in a post on its development site.

"This update resolves the location.hostname vulnerability and other security and stability issues," Mike Schroepfer, vice president of engineering at Mozilla, said in a statement.

The location.hostname vulnerability that Schroepfer referred to was the Firefox cookie flaw discovered by Michal Zalewski, an "ethical hacker" from Poland.

In mid-February, Zalewski posted his proof-of-concept on a mailing list for other security experts. His note said that a flaw in Firefox could allow hackers to set or change cookies, permissions for Web site settings and passwords, for their own purposes. A fix for the high-impact flaw was made by Firefox developers last week.

This update includes the patch for that fix, as well as a fix for the critical level flaw involving memory corruption that can lead to crashes. That flaw left people using JavaScript in their mail--a practice Mozilla "strongly discourages"--open to attacks.

"Thanks to the work of our contributors we have been able to address these issues quickly in order to minimize the security risk to Firefox users," Schroepfer said.

The update is available in 37 languages from the GetFirefox.com and GetThunderbird.com Web sites for 1.5.0.10 versions of Firefox and Thunderbird, as well as Firefox 2.0.0.2. It is also scheduled to be available as of late Friday afternoon by clicking "Check for Updates..." in the Firefox Help menu.

See more CNET content tagged:
Firefox, Mozilla Corp., Mozilla Thunderbird, flaw, security

Powered by Jive Software
advertisement

Latest tech news headlines

Resource center from News.com sponsors
You Need The Speed of Norton 2009
Introducing Norton Internet Security™2009

Click Here!
With one-click, one-minute install, under 8MB of memory usage and fewer, shorter scans, it's the fastest security suite anywhere. Norton. Smart Security, Engineered for Speed. Get a FREE trial today!

Click Here!
The Fastest Security Suite Anywhere

Experience the revolutionary Norton Internet Security™ 2009. With Norton™ Insight, a new feature, you get precision security that targets only at risk files for fewer, faster, shorter scans

Win a Trip to Space!*

Enter the Blast Off with Norton Sweepstakes for your shot at a trip to space. You could experience being fast and weightless, just like the new Norton 2009. *No purchase necessary; click for full details.

FREE Trial!

Act now to get your FREE trial of Norton Internet Security 2009. Try it for the protection. Love it for the speed

Norton Safe Web NEW!

A community-based system that rates web site safety

Norton Labs NEW!

Users can download new security technologies and share input directly with developers. Help us shape our future products!

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

advertisement

Inside CNET News

Scroll Left Scroll Right
News
Latest news
Business tech
Green tech
Wireless
Security
Media
Popular topics
Apple iPhone
Apple iPod
Best hybrid cars
Cell phones
Dell
GPS
CNET sites
CNET TV
Downloads
News
Reviews
Shopper.com
Site map
More information
Newsletters
Corrections
Customer Help Center
RSS
What's new
About CNET