The Mozilla Foundation released updates for its Firefox browser on Friday to plug a number of security holes, including several crash bugs that have the potential to be exploited and an issue with how the browser handles hostnames.
The open-source group updated both Firefox 2 and 1.5 to versions 220.127.116.11 and 18.104.22.168, respectively. The update includes a single critical-rated patch that fixes three memory corruption issues that cause Firefox to crash but that could also likely be exploited. Another issue with how the application handles the setting of hostnames could aid phishing attacks.
Users should be updated automatically or can select "Check for updates..." from the Help menu.
"If you already have Firefox 1.5.0.x or Firefox 2.0.0.x, you will receive an automated update notification within 24 to 48 hours," stated a message from the Mozilla Foundation posted on its developers' blog.
The Mozilla Foundation released the Firefox 2 browser last October, adding improved tabbed browsing and better search options. However, Mozilla and Microsoft--whose Internet Explorer 7 browser shipped a week earlier--competed on their anti-phishing features. The hostnames issue was discovered by Michal Zalewski, a polish researcher that previously discovered a flaw in how both Mozilla and Microsoft's browsers handled keystrokes.
The update to Firefox 2 fixes some compatibility issues with Windows Vista. Firefox 1.5 does not support Vista and users are advised to upgrade to 22.214.171.124, the group said.
Posted by: Robert Lemos