Robbie
05-03-2006, 09:08 AM
(InfoWorld (http://www.infoworld.com/?source=rss)) - Mozilla has released an update to its Firefox browser, fixing a known security flaw in the open-source software.
[/URL]
The bug, reported last week, relates to the way Firefox handles JavaScript code. It could be exploited by attackers to crash an unpatched browser, and, in theory, could also provide them with a way to trick the browser into running malicious code,*[URL=http://www.mozilla.org/security/announce/2006/mfsa2006-30.html]Mozilla said in a security alert (http://ad.doubleclick.net/jump/idg.us.info.rss/news;pos=imu;tile=6;sz=336x280;pkey=applications;s key=internet_applications;skey=browsers;ord=123456 789?).
The problem has to do with an error caused when Firefox handles certain unexpected "contentWindow.focus()" JavaScript code. It can be circumvented by disabling Firefox's JavaScript handling capability.
Users of the older Firefox 1.0 browsers and the Mozilla Suite 1.7 are not affected by the flaw, and Firefox 1.5 users should soon start to receive software patches under the browser's automatic update system.
Mozilla developers said last week that they had reduced the number of features in the 1.5.0.3 update in order to speed up the release of this security fix.
Release notes for the 1.5.0.3 browser can be found*at the*Firefox Web site (http://www.mozilla.com/firefox/releases/1.5.0.3.html.).*
SEE ALSO:Firefox drops Places feature (http://www.infoworld.com/article/06/05/01/77901_HNfirefoxdropsplaces_1.html)
Microsoft fixes nixed, D-Link routers bollixed (http://www.infoworld.com/article/06/04/28/77790_18OPcringely_1.html)
ADVERTISEMENTMicrosoft (http://ad.doubleclick.net/clk;28885137;10213593;j?http://ad.doubleclick.net/clk;29562860;12867409;s?http://www.microsoft.com/technet/security/default.mspx)Free Security Tools & Updates
[Full article (http://www.infoworld.com/cgi-bin/redirect?source=rss&url=http://www.infoworld.com/article/06/05/02/78013_HNfirefoxfix_1.html) @ InfoWorld]
[/URL]
The bug, reported last week, relates to the way Firefox handles JavaScript code. It could be exploited by attackers to crash an unpatched browser, and, in theory, could also provide them with a way to trick the browser into running malicious code,*[URL=http://www.mozilla.org/security/announce/2006/mfsa2006-30.html]Mozilla said in a security alert (http://ad.doubleclick.net/jump/idg.us.info.rss/news;pos=imu;tile=6;sz=336x280;pkey=applications;s key=internet_applications;skey=browsers;ord=123456 789?).
The problem has to do with an error caused when Firefox handles certain unexpected "contentWindow.focus()" JavaScript code. It can be circumvented by disabling Firefox's JavaScript handling capability.
Users of the older Firefox 1.0 browsers and the Mozilla Suite 1.7 are not affected by the flaw, and Firefox 1.5 users should soon start to receive software patches under the browser's automatic update system.
Mozilla developers said last week that they had reduced the number of features in the 1.5.0.3 update in order to speed up the release of this security fix.
Release notes for the 1.5.0.3 browser can be found*at the*Firefox Web site (http://www.mozilla.com/firefox/releases/1.5.0.3.html.).*
SEE ALSO:Firefox drops Places feature (http://www.infoworld.com/article/06/05/01/77901_HNfirefoxdropsplaces_1.html)
Microsoft fixes nixed, D-Link routers bollixed (http://www.infoworld.com/article/06/04/28/77790_18OPcringely_1.html)
ADVERTISEMENTMicrosoft (http://ad.doubleclick.net/clk;28885137;10213593;j?http://ad.doubleclick.net/clk;29562860;12867409;s?http://www.microsoft.com/technet/security/default.mspx)Free Security Tools & Updates
[Full article (http://www.infoworld.com/cgi-bin/redirect?source=rss&url=http://www.infoworld.com/article/06/05/02/78013_HNfirefoxfix_1.html) @ InfoWorld]