Sales
0161 215 3700
0800 458 4545
Support
0800 230 0032
0161 215 3711
Fast Chat

Welcome to UKFast, do you have a question? Our hosting experts have the answers.

Sarah Wilson UKFast | Account Manager

Mozilla has plugged a few holes in Firefox

Mozilla has plugged a few holes in Firefox

Once more unto the breach, dear friends, once more.

Mozilla has plugged a few holes in Firefox 1.5.x for what ostensibly may turn out to be the last time. The final release of Firefox 1.5.0.12 accompanies the release of Mozilla's current standard bearer Firefox 2.0.0.4, both of which are being patched for at least five flaws.

Only one is critical. Mozilla Foundation Security Advisory 2007-12 details a flaw about a memory crash that could potentially lead to arbitrary file execution.

There is also a fixed flaw for a potential cross-site scripting issue that Mozilla has rated "high impact." According to the advisory, the addEventListener JavaScript method could be used to inject script into another site in violation of the browser's same-origin policy. A malicious user could then use that method to potentially modify or access private information.

One particularly annoying bug related to Mozilla's form auto-complete function has also been repaired in the latest Firefox releases.

Rated "low impact," the flaw could have enabled a denial-of-service attack. Filling a text field with millions of characters and submitting the form will cause the victim's browser to hang for up to several minutes while the form data is read, and this will happen the first time auto complete is triggered after every browser restart.

The Firefox 1.5.0.12 release is expected to be the last official Mozilla release in the Firefox 1.5.x product line, which was first launched in November 2005. The release of Firefox 2.x in October superseded 1.5.x as Mozilla's flagship browser line.

"Mozilla typically maintains support for previous releases for six months after a major release," Mozilla developer Basil Hashem wrote in a mailing list posting. "Mozilla has previously extended the planned end of life for the 1.5.0.x series in order to accommodate some recent changes in update functionality."

Mozilla will help its legacy users migrate to Firefox 2.x with an automatic browser update notice at some point in the next several weeks, prompting them to upgrade up to Firefox 2.0.0.4.


print this article

Return to internet news headlines
View Internet News Archive

Share with: