Firefox 1.0.7 fixes security holes

By Bill Brenner, News Writer 21 Sep 2005 | SearchSecurity.com

Digg This!     StumbleUpon     Del.icio.us

Mozilla has fixed serious security holes in its popular Firefox browser with the release of version 1.0.7. Attackers could use the vulnerabilities to cause a denial of service or launch malicious code.

Related news New security hole in Firefox

"This version includes several security and stability fixes, including a fix for a reported buffer overflow vulnerability and a fix for a Linux shell command vulnerability," Mozilla said on its Web site. According to the Bethesda, Md.-based SANS Internet Storm Center, the new version:

• Fixes a potential buffer overflow vulnerability when loading a host name with all soft hyphens;
• Prevents URLs passed from external programs from being parsed by the shell [Linux only];
• Prevents a crash when loading a Proxy Auto-Config [PAC] script that uses an "eval" statement;
• Restores InstallTrigger.getVersion() for extension authors; and
• Makes other stability and security fixes.

Danish security firm Secunia said 1.0.7 fixes a new flaw affecting Unix and Linux systems. "The vulnerability is caused due to the shell script used to launch Firefox parsing shell commands that are enclosed within backticks in the URL provided via the command line," Secunia said in an advisory. "This can be exploited to execute arbitrary shell commands by tricking a user into following a malicious link in an external application that uses Firefox as the default browser."

Secunia confirmed the flaw in version 1.0.6 on Fedora Core 4 and Red Hat Enterprise Linux 4. Other versions and platforms may also be affected, the firm said.

The latest version also fixes a flaw that came to light a couple of weeks ago that's caused by an error in the handling of a URL that contains a certain character in its domain name. This can be exploited to cause a heap-based buffer overflow.

"Successful exploitation crashes Firefox and may allow code execution but requires that the user is tricked into visiting a malicious Web site or open a specially crafted HTML file," Secunia said.

Tags: Security Patch Management,  Web Browser Security,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Security Patch Management Information security book excerpts and reviews What patch management metrics does Project Quant use? Squad: Tokenization, Phishing and the Feds Should management processes change based on a patch release schedule? Should Windows Mobile updates come from Microsoft? Adobe updates ColdFusion, JRun, Flex Trusteer CEO criticizes Adobe, touts better patch deployments Patch management study shows IT taking significant risks Vulnerability mitigation study shows need for faster patching Microsoft to issue security report card, new tool at Black Hat Web Browser Security Exploit code targets Internet Explorer zero-day display flaw InZero Systems launches hardware-based security gateway Web security firm ranks Firefox, Safari browsers as flaw prone Microsoft fixes security update that breaks Internet Explorer Mozilla update repairs Firefox buffer overflow vulnerabilities Kaspersky system analyzes malicious URLs on Twitter for malware Silon malware intercepts Internet Explorer sessions, steals credentials Do Facebook URL security concerns justify blocking social networks? Phishing attacks to remain a major problem, say security experts Adrian Perrig: Improve SSL/TLS Security Through Education and Technology Web Browser Security Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary attack vector  (SearchSecurity.com) back door  (SearchSecurity.com) ethical worm  (SearchSecurity.com) Patch Tuesday  (SearchSecurity.com) zero-day exploit  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary