Mozilla Foundation prepares third Firefox security update

Saturday, April 9, 2005 

The Mozilla Foundation is in the final stages of preparing the third security update to the popular free Internet browser Firefox.

This update will fix a security issue highlighted by Internet security firm Secunia which allows remote users to read the memory of a computer running earlier versions of Firefox. Information such as the websites the user has recently visited or their e-mail addresses can easily be recovered.

Users can visit the Secunia website and use a test page to see if they are vulnerable and to study the kind of information that the flaw discloses. Secunia currently recommends disabling Javascript in the browser as a short-term measure against the bug.

The release will also fix some bugs discovered in version 1.0.2 and a selection of other security issues.

The third release, to be known as 1.0.3, comes hot on the heels of 1.0.2, released on March 23. As before, users will need to download and install the entire 4.7MB program from mozilla.org, rather than download a Microsoft-style patch. Mozilla is working on an update system that will make updating via smaller patches possible in the future.

This release has had a difficult birth, with initial versions preventing many popular Extensions (user-installed sub-programs that enhance the capabilities of the browser) from operating. Mozilla developers have worked hard on the issue and are now confident that they have plugged security holes in a way which will not cause inconvenience to users.

Sources

• John Leyden "Browser Bugs Sprout Eternal". The Register, April 6, 2005

• Asa Dotzler "1.0.3 final candidates", adot's notblog, April 5, 2005

• "Mozilla Firefox JavaScript Engine Information Disclosure Vulnerability". Secunia, April 4, 2005
  

Share this:

This page is archived, and is no longer publicly editable. Articles presented on Wikinews reflect the specific time at which they were written and published, and do not attempt to encompass events or knowledge which occur or become known after their publication. Got a correction? Add the template {{editprotected}} to the talk page along with your corrections, and it will be brought to the attention of the administrators. Please note that due to our archival policy, we will not alter or update the content of articles that are archived, but will only accept requests to make grammatical and formatting corrections. Note that some listed sources or external links may no longer be available online due to age.

This page is archived, and is no longer publicly editable. Articles presented on Wikinews reflect the specific time at which they were written and published, and do not attempt to encompass events or knowledge which occur or become known after their publication. Got a correction? Add the template {{editprotected}} to the talk page along with your corrections, and it will be brought to the attention of the administrators. Please note that due to our archival policy, we will not alter or update the content of articles that are archived, but will only accept requests to make grammatical and formatting corrections. Note that some listed sources or external links may no longer be available online due to age.