Mozilla Fixes Firefox Flaws, Misses One - WinPlanet Windows Software Reviews

You are in the: Small Business Computing Channel

ť ECommerce-Guide | Small Business Computing | Webopedia | WinPlanet

Power Search | Tips

In-Depth Reviews

Tips & Tutorials

Browsers

Chat / Conferencing

Desktop Utilities

Development

Internet Apps

Multimedia

OS Service Packs

Productivity Tools

Enter a keyword

Newsletters offering Windows news, articles, tips and reviews.

Partners & Affiliates

Small Business Computing

Ecommerce Guide

Webopedia

WinPlanet

WinPlanet / News

Download of the day

• McAfee Total Protection

Most Popular Software Downloads

• Mozilla Firefox

• Microsoft Office 2010

• QuickTime for Windows

• Adobe Reader

• Mozilla Thunderbird

• Winamp

• Microsoft Office 2007 Service Pack

• Google Earth

• Adobe Flash Player

• Windows Vista Service Pack 2 (Vista SP2)

• CCleaner (Crap Cleaner)

Most Popular Software Articles

• Windows Vista Tips: Home Networking Setup Tutorial

• 10 Must-Have Apps: The Free Windows Networking Toolkit

• How to Make Your Internet Connection Faster, Better

Software Reviews

Mozilla Fixes Firefox Flaws, Misses One
Security Fixes in Firefox 2.0.0.1 and 1.5.0.9 Updates
Sean Michael Kerner

Mozilla today updated Mozilla Firefox 2.0 for the first time, but the upgrade lacks at least one fix for a well known and already disclosed flaw in the open source browsers.

In late November, a Password Manager flaw was reported in Firefox, leaving users at risk for having their log-in information misappropriated by malicious sites.

The flaw allows a maliciously crafted page to auto-fill a form with credentials intended for another site.

There is no warning in Firefox 2.0 or previous versions that the credentials are being pulled for the wrong site and submitted to a third party.

As of 5 p.m. EST today, the Bugzilla entry for the flaw is still open.

However, Firefox 2.0.0.1 does feature fixes for five critical security flaws that could have left users at risk to arbitrary code execution and other attacks. The fixes are also reflected in Mozilla's legacy 1.5.x browser in the new 1.5.0.9 release.

Mozilla Foundation Security Advisory 2006-68 fixes flaws that deal with crashes that hackers can use to corrupt memory for malicious purposes.

"As part of the Firefox 2.0.0.1 and 1.5.0.9 update releases we fixed several bugs to improve the stability of the product," the Mozilla advisory states. "Some of these were crashes that showed evidence of memory corruption and we presume that at least some of these could be exploited to run arbitrary code with enough effort."

The Mozilla advisory cites three separate Common Vulnerabilities and Exposures (CVE) identifications (CVE-2006-6497, CVE-2006-6498 and CVE-2006-6499).

Another critical flaw fixed in the new Firefox release addresses a separate crash issue when using a certain CSS (define) cursor property on Windows.

According to the advisory, a miscalculated size during conversion of the image to a Windows bitmap can result in a heap buffer overflow which could be used to compromise the victim's computer.

Crash issues aren't the only critical flaws fixed.

Mozilla Foundation Security Advisory 2006-70 discusses a fix for a JavaScript flaw that could have led to privilege escalation.

News courtesy of internetnews.com

December 19, 2006

Download Mozilla Firefox 2.0.0.1!

View All Web Browsers

Contents:
1. Security Fixes in Firefox 2.0.0.1 and 1.5.0.9 Updates

Additional Articles:

Mozilla's Newest FireFox Takes Flight

Browser Wars v.2004: Part 1

Browser Wars v.2004: Part 2

Mozilla Firefox's Volunteer Launch Brigade

Rise of the Underdog Browser

Firefox Makes It Official

Add-ons Extend Firefox Growth

Getting the Most Out of Firefox

Firefox Thankful for Strong November

Firefox, Others at Phishing Risk

Browser Wars: Who's Winning, Who's Losing

Firefox Torches Competition for Enterprise Linux Award

Mozilla Updates Firefox

New Firefox Vulnerability Pushes Latest Update

Firefox Update Patches Three in Time

JavaScript Flaw Hits Mozilla Users

Firefox Popularity Spurs Mozilla Traffic Surge

Beware the Browser Backlash

Another Flaw Found in Mozilla

Google Extends Firefox

New Firefox Fixes Holes

Firefox Advocate Site Hit by Hackers

Mozilla Goes for More Green

IBM Donates Code to Firefox

Firefox Losing Its Grip?

Mozilla Under Fire

Mozilla FireFox DoS Exploit Code Released

Firefox: Nearly a Year Old And Now 100M Strong

Happy Birthday, Firefox 1.0

Firefox Upgrade Near

Firefox at Critical Mass?

New Firefox Kills Bugs

A Word-Wise Firefox Extension

Mozilla Plugs Firefox Bugs

FireFox Fixes by the Dozen

Goooaaal! Google, Mozilla Kick In Soccer Fix

Firefox 2.0: Mozilla's Tabs Overfloweth

Firefox 1.5.0.5 Fixes JavaScript Flaws

Firefox Is Doing So Well It's Now a Malware Target

Firefox 2.0 Beta Tweaking Its Look

The Firefox, IE Race to The Finish

Firefox Hits Seventh Heaven

Firefox 2.0 Release Candidate Goes Live Today

Double Deuce as Firefox 2.0 Nears Completion

Mozilla Fine-Tunes for Final Release of Firefox 2

Firefox 2.0 Released: 'Bon Echo' Lives!

Firefox 3.0 Already?

Path to Firefox 2.0 Is Cleared

Our Phishing Filter Is Better Than Yours!

Phishers Lurk for Firefox 2.0 Password Manager

Mozilla Rakes In $53M

Mozilla Patches Some Firefox Holes

Mozilla Security: More Than Meets the 'Aye'

One Flaw and a First for Latest Firefox Update

Firefox 1.5 Gets Its Last Update

Firefox at Risk Because of Internet Explorer?

Firefox Fixes IE Flaws

Mozilla Firefox Still at Risk

Will Mozilla's Fuzzer Break the Web?

Mozilla Updates Firefox Ahead of Black Hat

Flaw Still Shadows Firefox

Firefox Gets BitTorrent

Firefox Gets QuickTime Fix

Mozilla Separating Browser from the App

Firefox Fixes Cross-Site Flaws

Firefox Breaks Web Canvas

Warning on Spoofed Login Windows in Firefox

Mozilla Update Quashes Slew of Firefox Flaws

Firefox Update Tackles Pair of Critical Bugs

Will Design Flaws Flunk Firefox?

The Network for Technology Professionals

About Internet.com

Legal Notices, Licensing, Permissions, Privacy Policy.
Advertise | Newsletters | E-mail Offers

Whitepapers and eBooks

Microsoft Personalized Whitepapers and Resources for You
Article: Why Migrating from MySQL to SQL Server 2008 Makes Sense
Articles: Build a More Agile Business with IBM
Articles: IBM Offers Enhanced Measurement and Management for Energy Usage
Microsoft Article: Windows 7 Features Your Clients Will Need on Day One

Articles: IBM Helps Transformation to an Information-Based Enterprise
Microsoft Articles: Visual Studio 2010
Adobe Article: Java Developers Finding a Home at Adobe Flex
MORE WHITEPAPERS, EBOOKS, AND ARTICLES

Webcasts

Webcast: Connecting PHP to Microsoft Technologies
Video: Windows Azure Debugging Tips

MORE WEBCASTS, PODCASTS, AND VIDEOS

Downloads and eKits

Ready. Set. Windows 7.
HP PartnerONE | SolutionsINFINITE Visit us at hp.com/partners/us
Microsoft Free Trials: Windows Server 2008 R2, Exchange Server 2010 and Windows 7
Get the Windows 7 SDK

Free Trial: Red Gate SQL Backup Pro 6
Iron Speed Designer Application Generator
MORE DOWNLOADS, EKITS, AND FREE TRIALS

Tutorials and Demos

Learn Unified Communications
BlackBerry Application Development Resources
Learn SQL Server 2008
Learn Windows Server 2008 R2
Internet.com Hot List: Get the Inside Scoop on IT and Developer Products

Learn Forefront
Learn System Center
All About Botnets
Learn SharePoint
MORE TUTORIALS, DEMOS AND STEP-BY-STEP GUIDES