Mozilla to Issue Firefox Security Fix

Latest News | News Archive |

Posted by: Tweaker
Date added: 02:56, 29th April 2006 GMT
Source: Beta News

The Mozilla Corporation plans to rush out a minor update to Firefox, numbered 1.5.0.3, in order to address a denial-of-service vulnerability in the most recent version of the open source Web browser. The move comes despite the flaw being rated "non-critical" by security firm Secunia.

The security issue involves an error in the handling of unexpected "contentWindow.focus()" JavaScript calls. A malicious Web site could be used to "corrupt the memory and cause a crash by calling the "contentWindow.focus()" method on a container with specially crafted content," according to an advisory.

Exploit code for the vulnerability has been released, prompting Firefox developers to quickly patch the browser -- even though the risk of attack is minimal. The decision will, however, slightly push back the next Firefox update.

"What was previously called 1.8.0.3 will shift to 1.8.0.4. 1.8.0.4 will ship on a schedule slightly offset from the original 1.8.0.3 schedule to accommodate the new release in the middle," developers said on Thursday.

"The new 1.8.0.3 release is happening off of a mini-branch from 1.8.0.2 so no action is required to back out patches or stop landing patches for the next release." The DoS problem affects the latest Firefox 1.5.0.2 build, which was released earlier this month to correct a slew of security-related flaws.

  Tools: Post a comment | Link to this news item | Send to a friend | Submit News

Error: You are not logged in.

In order to leave comments to news articles you must be a Cyber Tech Help Member.

Registration is completely free!    Register to become a member

Along with access to leave comments to news articles you will be able to ask any computing questions you might have on the Cyber Tech Help Forums.

[  To top | Latest News | News Archive | ]