Mozilla warns of a new Firefox flaw

Article

Mozilla warns of a new Firefox flaw

Bill Brenner, Senior News Writer
Mozilla has acknowledged a new flaw in Firefox and SeaMonkey attackers could exploit to bypass security restrictions and hijack targeted machines. The latest versions of those programs correct the problem.

A regression error

    Requires Free Membership to View

    Login

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

occurs when the programs process certain IMG tags. Attackers who successfully lure users to a malicious Web page could then exploit the flaw to bypass restrictions and run arbitrary code.

The flaw specifically affects Firefox version 1.5.0.9 and 2.0.0.1; and SeaMonkey 1.0.7.

Podcast: Mozilla's Window Snyder

Security Wire Weekly: Mozilla security chief Window Snyder explains her organization's patch process and compares it to the way Microsoft releases Internet Explorer bulletins. (Jan. 24)
Download MP3 | Subscribe to Security Wire Weekly

Who patches better: Microsoft or Mozilla? In this Q&A, Window Snyder credits Microsoft for working hard at a faster and more accurate patching process and admits that, sometimes, even Mozilla has to pull back on security updates at the 11th hour.

Users will be protected from the flaw by upgrading to Firefox 2.0.0.2 or 1.5.0.10; or SeaMonkey 1.1.1 or 1.0.8.

Mozilla released those versions last week to fix more than 10 other Firefox flaws digital miscreants could exploit to circumvent security restrictions, conduct cross-site scripting attacks and access sensitive information.

Mozilla 2.0 has suffered from a variety of flaws since its release last October.

Mozilla security chief Window Snyder said in a recent interview that Mozilla tries to issue a security upgrade every six weeks or so.

"We're continuously looking for vulnerabilities and continuously fixing them," she said at the time. "Users don't have to wait for the next version of the product to get a lot of the benefits of the security work we're doing. They get it on a regular basis."

She made that comment after being asked if the frequent security updates are an indication that the open source browser isn't as ironclad as supporters boast. Firefox is often touted by fans as a more secure alternative to Microsoft's much-attacked Internet Explorer.