Mozilla Introduces Patches To Cure Product Flaws

A couple of weeks following the general issue of Firefox 2.0, the open-source organization Mozilla Corp. on November 8, 2006 brought out a set of vital updates targeted to enhance security for its old Firefox browser series (v1.5x), its Thunderbird email customer and its internet suite SeaMonkey. The organization cautioned that unpatched consumers face the dangers of computer incursions.

SeaMonkey, previously the Mozilla Application Suite, consists of a web browser, sophisticated netmail and newsgroup customer, HTML editor and IRC chat customer. Clients with unpatched variants of any of these programs are likely to be exposed to cyber-terrorists.

The worst flaw endangering Mozilla's browser Firefox, email customer Thunderbird and web suite SeaMonkey is that it can be misused by a malevolent customer for altering text content, permitting the distant implementation of arbitrary JavaScript command. The flaw can be exploited to harvest classified information from websites in other windows or install information or commands in these sites, through regular surfing.

The latest patches repaired a Firefox v1.5.0.8 flaw (an RSA signature forgery glitch) that wasn't restored in a previous bugfix issue, the representative asserted.

Mozilla confirmed that during the development of Firefox 1.5.0.8, creators placed some faults to enhance its strength and discovered that few of the collapses demonstrated memory corruption.

The Firefox revision also patches up flaw in the treatment of text contents. This can possibly be misused to run arbitrary JavaScript bytecode by altering already-executing text contents.

As Thunderbird shares the Gecko search engine with Firefox, it could be dangerous if JavaScript were to be altered in e-mail. Mozilla, thus, fervently exhorted clients to quit executing JavaScript in e-mail.

The Firefox revision affects Firefox 1.5x but doesn't impact the more recent Firefox 2.0 variant. Mozilla declares Firefox 1.5.0.x will be upheld along with security and reliability updates till April 24, 2007, after which just Firefox 2 customers will be continued support.

Clients are exhorted to upgrade to Mozilla's Firefox 1.5.0.8 and SeaMonkey 1.0.6 to tackle composing faults and memory corrupting security glitches that could be easily manipulated by hackers to indulge into cross site scripting, denial of service or distant access strikes.

Related article: Mozilla Rules Out Bug in Its Firefox

» SPAMfighter News - 11/14/2006