Mozilla has fixed serious security holes in its popular Firefox browser with the release of version 1.0.7. Attackers could use the vulnerabilities to cause a denial of service or launch malicious code.
"This version includes several security and stability fixes, including a fix for a reported buffer overflow vulnerability and a fix for a Linux shell command vulnerability," Mozilla said on its Web site. According to the Bethesda, Md.-based SANS Internet Storm Center, the new version:
- Fixes a potential buffer overflow vulnerability when loading a host name with all soft hyphens;
- Prevents URLs passed from external programs from being parsed by the shell [Linux only];
- Prevents a crash when loading a Proxy Auto-Config [PAC] script that uses an "eval" statement;
- Restores InstallTrigger.getVersion() for extension authors; and
- Makes other stability and security fixes.
Danish security firm Secunia said 1.0.7 fixes a new flaw affecting Unix and Linux systems. "The vulnerability is caused due to the shell script used to launch Firefox parsing shell commands that are enclosed within backticks in the URL provided via the command line," Secunia said in an advisory. "This can be exploited to execute arbitrary shell commands by tricking a user into following a malicious link in an external application that uses Firefox as the default browser."
Secunia confirmed the flaw in version 1.0.6 on Fedora Core 4 and Red Hat Enterprise Linux 4. Other versions and platforms may also be affected, the firm said.
The latest version also fixes a flaw that came to light a couple of weeks ago that's caused by an error in the handling of a URL that contains a certain character in its domain name. This can be exploited to cause a heap-based buffer overflow.
"Successful exploitation crashes Firefox and may allow code execution but requires that the user is tricked into visiting a malicious Web site or open a specially crafted HTML file," Secunia said.