|
|
|
| Firefox security hole patched |
| Wednesday, March 23, 2005 at 22:41 by Laurence Norah |
The Mozilla Foundation have updated the Firefox web browser software to version 1.02, fixing three security holes, one of which had been rated at a critical severity rating.
The bug, which could allow an attacker to run arbitrary code on a users system, occured when parsing the obsolete Netscape extension 2. This could result in a GIF processing error leading to an exploitable heap overrun.
This is the second bug fix release of the software in less than a month, which is unfortunate news for Mozilla who have no doubt been hoping that users would be wooed by their more stable image. However, the rapid turn around of bugs that are found is reassuring.
Two other less severe bugs were also fixed. There is nothing else new in this release, but all users of the Firefox browser are urged to upgrade as soon as possible.
|
|
| |
 
|
|
| You see, mozilla.org released a patch for Firefox immediately, where Microsoft would release a patch for Internet Explorer about 6 months later. THAT'S why Mozilla has better security, not because it is invulnerable, because nothing is. |
|
|
| It's just a matter of time before the bad guys start targeting Firefox, I hope they do keep up on security. I just wonder if open source isn't a potential achille's heel if someone puts some code in a popular version. |
|
|
|
|
|
|
|
|
