[ISN] Firefox update plugs 'critical' holes

From: InfoSec News (alerts@private)
Date: Thu Jul 27 2006 - 22:30:10 PDT


By Joris Evers
Staff Writer, CNET News.com
July 27, 2006

Mozilla on Wednesday released an update to its popular Firefox Web
browser that fixes a dozen vulnerabilities, seven of which it deems

The most serious of the flaws could be exploited by cyberattackers to
commandeer a vulnerable PC, according to Mozilla. The company, which
oversees Firefox development, has published security advisories for
each of the flaws repaired by the Firefox update.

The flaws are fixed in Firefox, which Mozilla has started
pushing out to Firefox users via the update feature in the open-source
Web browser. In addition to the security fixes, the browser update
includes stability improvements, as well as changes for the Frisian
version for some users in the Netherlands, Mozilla said.

"Firefox is a security update that is part of our ongoing
program to provide a safe Internet experience for our customers,"  
Mozilla said on its Web site. "We recommend that all users upgrade to
this latest version."

Security monitoring company Secunia rates the update as "highly
critical," one notch below its most serious ranking.

Mozilla also released updates for its SeaMonkey suite of applications
to address security issues that apply to those programs.

While some of the security flaws may affect the earlier 1.0 versions
of Firefox, Mozilla is not providing updates for those releases. Its
version 1.0.8 was the last refresh for the 1.0.x line of Firefox. All
users are advised to upgrade to the version. The 1.0.8 version
came out in April.

Developers are working on Firefox 2, the next major version of the Web
browser. Mozilla earlier this month shipped the first beta of the new
browser, which includes such features as a phishing shield to protect
against information thieving online.

Microsoft, meanwhile, is putting the final touches on Internet
Explorer 7, a reinforced version of its Web browser. Designed, in
part, in response to competition from Firefox, IE 7 is due out in the
fourth quarter of this year.

Copyright ©1995-2006 CNET Networks, Inc.

Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches.

This archive was generated by hypermail 2.1.3 : Thu Jul 27 2006 - 22:34:33 PDT