Mozilla releases security updates
- ZDNet Tags:
- Web browsers,
- Security threats,
Mozilla has released updates to its Firefox browser and Thunderbird e-mail client for Windows, Mac and Linux users, the organization announced Friday.
"Due to the security fixes, we strongly recommend that all Firefox users upgrade to these latest releases," Mozilla said in a post on its development site.
"This update resolves the location.hostname vulnerability and other security and stability issues," Mike Schroepfer, vice president of engineering at Mozilla, said in a statement.
The location.hostname vulnerability that Schroepfer referred to was the Firefox cookie flaw discovered by Michal Zalewski, an "ethical hacker" from Poland.
In mid-February, Zalewski posted his proof-of-concept on a mailing list for other security experts. His note said that a flaw in Firefox could allow hackers to set or change cookies, permissions for Web site settings and passwords, for their own purposes. A fix for the high-impact flaw was made by Firefox developers last week.
This update includes the patch for that fix, as well as a fix for the critical level flaw involving memory corruption that can lead to crashes. That flaw left people using JavaScript in their mail--a practice Mozilla "strongly discourages"--open to attacks.
"Thanks to the work of our contributors we have been able to address these issues quickly in order to minimize the security risk to Firefox users," Schroepfer said.
The update is available in 37 languages from the GetFirefox.com and GetThunderbird.com Web sites for 1.5.0.10 versions of Firefox and Thunderbird, as well as Firefox 2.0.0.2. It is also scheduled to be available as of late Friday afternoon by clicking "Check for Updates..." in the Firefox Help menu.
Talkback - Add your opinion
The only proof we have
is it happened with Google. Without a time machine, we can never know if it would have without them.... (Read the rest)
- Mozilla releases security updates Loverock Davidson -- 02/23/07
- Clicked, checked and updated... BitTwiddler -- 02/23/07
- And Yet... C4Ever -- 02/23/07
- Firefox's Security is a Myth Master Tech -- 02/24/07
- OMG? YOU MEAN I DIDN'T HAVE TO WAIT AMONTH FOR FIXES?! CobraA1 -- 02/24/07
- Add your opinion
Latest Security Content
- Mozilla releases security updates
- Flaw found in Office 2007
- Mass. bill wants stores to pay more in data breaches
- Serious flaw in Google Desktop gets fix
- Cisco IP phone flaws discovered
- Subscribe to Feed
Vanguard CIO: Paul Heller |
Technology will play a key role in delivering lower costs and better service to Vanguard's financial investors. Watch the CIO Vision Series video to learn how. |
recent blogs
- NASA paints Google Earth with near real-time information
- You have two cows...
- Google CEO hosts Clinton: Is Hillary tech's friend?
- Salesforce.com's big customer: Mystery solved
- Anna Nicole Smith: enthusiastic Internet user
- See all ZDNet Blogs »
Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
- Security Inside Out - Information Security for the Enterprise
- We'll show you how a comprehensive security architecture can help you improve the security posture of your organization.
- Visit Oracle for more information>>
- Jonathan's Blog
- President and CEO of Sun Microsystems, Jonathan Schwartz is an inveterate blogger. He has led Sun's drive toward transparency and openness.
- Read the latest from Sun CEO Jonathan Schwartz>>
- Microsoft Business Intelligence
- Microsoft Business Intelligence offers a complete suite of integrated products, providing uninterrupted access to widespread applications and reports, supporting all aspects of the decision-making process.
- Learn more about Microsoft Business Intelligence>>
- Convergence: Preparing the Enterprise Network
- ProCurve Networking solutions offer standards-based traffic prioritization to provide traffic type coexistence and quality of service (QoS) functions that virtually eliminate the need for custom network design architectures.
- Read more about the evolution of the multi-service network >>
blogs from our sponsors
Whitepapers & Webcasts
- High Performance Email Archiving for the Enterprise - Analyzing Return on Investment Instant InfoSystems
- Voice over IP Reliability: Architecture Matters ShoreTel
- Improving Agility, TCO, and Security with Agentless Job Scheduling BMC Software
- California Superior Court Switches to VoIP to Improve Service and Cut Costs ShoreTel
- Fabric Firm Switches to VoIP, Cuts Long Distance Costs by Thousands ShoreTel
- VoIP: A Big Success for Mainstream Manufacturer ShoreTel
- Innovation
-
See and hear what CIOs the world over think about the business of technology and how it's changing the way we live and work.
Watch and learn -
Video Shorts: CIO Randall Spratt
McKesson is investing in collaboration and video networking tools to encourage communication between employees.
Watch the clip -
First Group CIO: Darin Brumby
Learn how technology and innovation have a role to play in the future growth of the UK's largest transport company.
Watch the clip -
Millennium Hotels CIO: Eli Salant
"Do your homework. Invariably, the people who make IT decisions are accountants."
Watch the clip