Unknown Soldier
Veteran
The Mozilla Foundation Tuesday updated its Firefox stand-alone browser to version 1.0.5, fixing several vulnerabilities that have popped up since the last minor upgrade two months ago.
Firefox 1.0.5, which has been in testing for several weeks, can be downloaded from the Mozilla Web site free of charge.
"This is a collection of security bug fixes and stability improvements," said Chris Hofmann, Mozilla's director of engineering. "We're also trying to anticipate some potential security problems with this update by patching vulnerabilities that alone aren't that significant, but might be used together to create an exploit. Most of them involve quite a bit of user interaction."
Overall, added Hofmann, the update is an attempt to "stay ahead of the bad guys." One flaw from June appeared to have been passed by. A month ago, Danish security firm Secunia announced that most browsers, including the then-current Firefox 1.0.4, were vulnerable to a JavaScript spoofing error that could let attackers steal passwords and other confidential data. Although a Mozilla spokesperson said that 1.0.5 fixed the problem, TechWeb ran the browser through Secunia's vulnerability test and found that it still failed.
However, this edition does fix the frame injection vulnerability that had crept back into the Firefox code in versions 1.0.3 and 1.0.4.
Download:
http://download.mozilla.org/?product=firefox-1.0.5&os=win&lang=en-US
Firefox 1.0.5, which has been in testing for several weeks, can be downloaded from the Mozilla Web site free of charge.
"This is a collection of security bug fixes and stability improvements," said Chris Hofmann, Mozilla's director of engineering. "We're also trying to anticipate some potential security problems with this update by patching vulnerabilities that alone aren't that significant, but might be used together to create an exploit. Most of them involve quite a bit of user interaction."
Overall, added Hofmann, the update is an attempt to "stay ahead of the bad guys." One flaw from June appeared to have been passed by. A month ago, Danish security firm Secunia announced that most browsers, including the then-current Firefox 1.0.4, were vulnerable to a JavaScript spoofing error that could let attackers steal passwords and other confidential data. Although a Mozilla spokesperson said that 1.0.5 fixed the problem, TechWeb ran the browser through Secunia's vulnerability test and found that it still failed.
However, this edition does fix the frame injection vulnerability that had crept back into the Firefox code in versions 1.0.3 and 1.0.4.
Download:
http://download.mozilla.org/?product=firefox-1.0.5&os=win&lang=en-US