Linux & Open Source - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Linux & Open Source


Mozilla Updates Firefox to Fix Security Gaps



 By: Matthew Hicks
2005-07-12
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Linux & Open Source story.


Rate This Article:
Poor Best
Firefox 1.0.5 patches 11 security issues, including a spoofing vulnerability and a tenacious frame-injection flaw. Meanwhile, Mozilla gets closer to a new update system for Firefox 1.1.

The Mozilla Foundation updated the Firefox Web browser Tuesday in order to patch a series of security vulnerabilities, including widely publicized browser spoofing issue and a frame-injection issue.

Mozilla has released Firefox 1.0.5 and plans to follow it with new versions of its Thunderbird e-mail client and namesake browser application suite on Wednesday, said Chris Hofmann, Mozillas director of engineering.

The Firefox update fixes 11 security issues discovered both by outside security researchers and from Mozillas own Security Bug Bounty Program, which offers a $500 reward for reporting bugs.

Hofmann said that Mozilla knows of no exploits of the security vulnerabilities patched in Firefox 1.0.5.

Among the vulnerabilities plugged in Firefox 1.0.5 is a browser spoofing issue reported last month by security researcher Secunia. The spoofing vulnerability, which affected all major browsers, could aid scammers in successfully launching phishing attacks.

Resource Library:
Users could be convinced to provide sensitive information in JavaScript dialog boxes that do not display their origins. To fix the issue, the Firefox upgrade now displays in a JavaScript windows header the Web address of the source of the prompts content, Hofmann said.

Read more here about Mozillas effort to battle security issues.

Also last month, a 7-year-old frame-injection vulnerability, which had been patched in earlier versions of Mozilla browsers, reared its head again in Firefox.

The new version patches the flaw, which had the potential to allow an attacker to load malicious content in the browser window of a trusted Web site by exploiting the way browsers handle frames.

To install the update, Firefox users need to follow a browser prompt to download the update or visit the Mozilla.org Web site.

Mozilla does not provide a way to deliver security patches to Firefox, instead requiring that users download completely new versions of the browser.

But the Mountain View, Calif.-based open-source development group plans to change that.

It is working on a revamped software updating system for the next major release of Firefox, Version 1.1, which is due for release later this summer.

A second alpha release of Firefox 1.1, called "Deer Park," was slated to be available for testing among developers as soon as Tuesday.

That alpha was supposed to include early test code of the new software updates system, Hofmann said.

Click here to read more about the road to Firefox 1.1.

Mozilla is working to make the availability of software updates more visible to users and to support security patches in the revamping software-update process.

In other Mozilla news, Yahoo Inc. announced Tuesday that it has added support for the open-source Thunderbird e-mail client to its desktop-search application.

Yahoo Desktop Search now will be able to index and search across e-mails and e-mail attachments from Thunderbird.

When it launched in beta in January, the desktop-search software only supported Microsoft Corp.s Outlook and Outlook Express clients.

Check out eWEEK.coms for the latest open-source news, reviews and analysis.



  Reader Comments: Mozilla Updates Firefox to Fix Security Gaps
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Linux & Open Source Articles          >>> More By Matthew Hicks
 


x}v6EvK9-5-nOgwEBc䐔mev^}}ƭ.KNlKQ@ B;;~$rȥkNmJv'{>D;;}!P`^P/2p}R  tӌ5r:! >>;|/s=NN5%cja]k|&#F}W&2ő5m0 f E1;' VI= ™MJDDRzGEQ=-Dt>tP ߩ2pНYBT!|HL%h!Q?9; fw^B(ƻFՉziZgC2]hj:W{7v6^: ȅC׷z$nRvGn7oT 205A2#[ dTZ Ӂkp5\ap*)ZPX6tG-#H!PN$]+AbArxưcqH'|6X@яZNa^:Xy yN gtq:/r~/7@7F;uC2w0 TmO |lM=S>I Cu"اzr(˺Y4)hmwEaij|Tݯ(GϢCrL!-ghTzEÝ|g[ڽP*)e}~] !GAm+h[N#ZI;lt|n]\|[r m + A7Rߘ+0Q\&*Jt4I3QA 1vrjw{`%rM7Jzq߸pAIS# Ԏ40" J2~̢2qu;-^m^:C,3sAV5 ̠t?C{ˠrq{vz|q۾:vY熜>OZ]d/'t2 +?:VU'_ZUCp5'^=v??NlrO,.iT$32ޗPE$Y-iwyA X-t[[WRH }#w#?",+RY4C ! ,md©$zN3ߜo4C+D_x0ND9fM ,eg0AM)51pk 3!RBiK _{@@ZZ~nV$9SeEI7#DL vxT"ʥep 3UTWws^ iz|48?F]7Du..*s5ͷwnc;]g8k5{nZ{ݹvem~l_ICsEhYf7wI榣V$c*exsvU9-b(7ZdL,5,{LtOp 0hv?OiM'89yt$AG61^K ucl>#ä p;pw>>-Fv1S{Q {>0iCkB^D4״ l"&qS к``2&àF{t ,/G`\@48`$8ʼE!1i@Xȁ{&`sĵ{ݲeǀԜG:r)Ea1C.O)))H.B$(ZȻ"!Alq [$t Xxl+_F쎄~ .<BIcyd&,gQY,p[/)͙J2d0e Q򍜘=b`&Qea*0pRx5Rn,`o+GvP#&C˰` 3C }= 3ԲM҄%LlQ`0Ґ()s~Lh?wܰH}O  35{80q}@32iB7' ƱeI|B3} H8lz:{mQH>08鴉s3tWNn~|YFhIO3_iy>grGֶ-/ e jJ=WsFA|5 i!sL&Ze onunS^7&++\=PӔ*T2%18 FLyO ('cwBFJV !zh'ы>Eg Huzo),jI8{°εZ.퉟EY lc-WVw jQt(*АTtm6dXdžJ>!1Ad/a:(9Hpcʻ:>{j aaC_/UKW3C-ZYSj2ej[`B]PeܠQ@7%XSPQ[ tpkuꟸPCߵK|#c=dsgH~qP9S?磔YTp$480T]2akRhjMMaf(0q |0b=9ߟy8[=x/{ Ykq]ؑRB|vjN 0z4'Z>ph`/R=*uoqj)݅I ,䧒RVJ~&[b"ud\6˰@\k>Oa3HȦnssQ*/J7+ )R|;OZV*ժ 5*Zj7;Aq{ wC}y>WϷ[fi^:-w^>m^Z19X>>: '312& z@j9ajv6<~0(rE=4'!ݥrI6San0-уUTKV'=ibGHo i87\`EY;>Z}n)'Ș-qVYw7䚢#ÏnR UtT#CWta{1X]QiS=Rxs޹m?UN~ZkBZ'@ u0cqmy@ pᐙ@F]S؇Qgm/R=TڞOEq‡1ክ54Sf;NW'wj6Jh)VMYS!RW dĞe~oɢ Ϣ+bIۛўgoz< @mvfӋ6=_`t mAؙY%,@:e۴s:i&2106E-0P>O\մr ,09>|6Œu8YYߧ`L'sk`p1\GAc>֍'yUcG6~zi1bN(n<0{L3wB=6 Phnh`d6P"lֳ>A>qHlLO//n'U`9H9֛JYTJ`zրDZ9 c].gO}]٘x4> J>hxG2e(Ъ6#iB/%e.N1)Q,&v}j;LʢHV)KY+TuRaoaqVZʑF3HU EOM#/ PNkF[Cn$C|)탪_K&#UiZe%~萫iI#Ǹ"ZAY_Mkɒ8+hs%p OB0_\PF.^*%R2i$yF(%%KgGPlX;zf(t]4Vfsemj`I3J9`{iO8C3##nƝjUNIZVڳ$t`۳"%1$tpL\'L7H}MVJȥe#uL!ٯ1|B$p?n ]V(A슣t9#2@BZNbxœo =$Ԅ79 +A񷠐n)ɁXXD>ġiFR{e">ZTa/LGFccb~n.Q)RP@/I\C.:;Ղ_ c3atք-䴔Q+Eki4}ֹIgŗC<d¼ǏDG;vݹ:|D[8M@?^+{;^h\/0C~WE/o:Nec]Fyn8F&PvB, F HŤ}v|{{<=m_}nxmu֋<-odF4r:ecJ|sѹ'E%{uEs9AnTH͋ǫC,F_!yN.Z͛FS̠o2XHz|0<㥑a+"@TKuÙB9ki.Dz=t_5g0YT h%1ΒC( Z`!灙_b!bF'G<AP#{ r H)'4-EK|b;3^t=hh!,:Uaҏ"穔(BS.hDOg4uҹir#slo}AJNnV ZҷoDW蘧YD_q-sz<~\2Z9ntL:{ԾhwޗNC ?"Y^3Í7w "HlSϭC2L:1D&rޚSd[Bc}OӆO|BaJ;t: e~=m2겨vC%L<0GќN蔈'=J8 z>RB'T˓4/iY(yqjhdꒈ~~ j&'ءX֛^76'8{Hpo6+P}q붱<:RpDD2C}Ҽ&B}XyC8Ťb%h4eW*Bzc?<-9Cs`:<5 B@+伨;'RՃv; >#m(3tS6l\Q}y9b1ߠnWa7pϲ]ta9c|w'5];>##vjQ7]Zz}D{O{,j8;_坠PVp#hh*f]O]V7]mYv{d &|)'AuhaXKgnnoԕLa4 ݣvR:}i?v;}pܶ\$ϫ@" bY_BIKwvzYVN Ȧw=13YCŸA!{zedz}X ?*4lo `zW`[ʅ=RH3a d<$Jփ7˶˷Fp7N Ϧf_ O%FJ ,^`mZ،9!/hvpU4bZy"N0 ?) W_M7⎍zkQy{rx|SqZ'+' g|o#&ڟM_k wS&5.%h3[Q@)_ƥE/.qĨ&plwx7 r`f[h!r'c+dڶRyWwY?y2<sRU`~TJG9#x.aI~ 1_@j=ODST֣G\êܣKE<#?KdhuT?p.:ϲ3,~ -ט', #a^M6D&4<Ҍ1˧"]`FL0m<%3U!cn4ݎ]rS\!i@&M4?S60.!OXt4<ݷ;~(*Z|W7ЙG;) *y1rU+~;@̜ 9pg^O`yƺЪZxcOFكI6t{(2&-Ftute ;# mM`JZq9䌷a8MePXGP;JGl+55VL;ɒQ9 S︽v,V~MefJd]ql#u/(I=uTaNGN`s:Jj94}N+Ҹ1"ryV7B'rLyt]i/);rF߭3AaǐQ4uݾL\QIT^qn(ӈVxrjp?p5Q9EMz"Yfdy 'PBbR'AG|ݩkZ py'H?sb[HQ1T=$LFzMV3;/R"PqHנfgR4sҙVZLsDϤrUZ1}haHHxԓ(O!q3sIQ>,#p+pol^Jx;uIU%>}0Kw˶u@.44N)xF7?9*D".#)hA{[jDx 'Tڊ*XyS*Q!_ttBreuh/p,T%dʦ\R\筓Mx Uv1Ӵ+IK`Қʦ v%Eb?V1ZJD8hAt H\|\dȧPϟtAl!~<Q1/cq`@]JZtΌq扈kss<$$ܝG8|)ZdMqolYa+ۗTMRrXVIDt;:>PғIsO>ׯ(2!2'L&ķؒ(s녭ixb'W}5 tCj^fa ϻ:ؚ.mk24Zsb<"µ3dH_HGS Fo>o>o>o>?\엟SNKW7])'-(s} u ^03 `!PgW^(lhc>n S{,U.0DҔg]1C/fUDsv\,Kkn8/ɼdI6J  5Lwɸ޶ZHBjsx|$Xї8Bv |؀ص!"qKHMRv}S/س5[fIT'X Ʀon懛v6d:P\{DŽR[ ]`wƤ,KǜxATU"aʿ M܃(;c(Gv}9Qs+8KS7ʫ[*ל/` lpuC|'xSuKX]"ue .Fm8կ6M/Kc*\OrP_:'Uezvb,>Ox` 1M(~ ̘ϥT5 b'+G~~~~q_`R)ޚ/0;@/ln)Dk}i1 a/Փh:HF-C;6 zc\tcW4d)wB]FsT7x>ǻw0%%&> "k1ZPsn]Ѓ0>j]׏S" v}jZW-Pml[q!<} 7Rw6fxJOܢ!H=0$AԢUH"H6Ǿ_ۥKPMԄ)WRS:$C VBT@]%o7Buy} TqS`!dQkz6`\Sx=D8$6/cްoOԿmk|m/n9#LxHsEb-ڷ@k%=j~E5lqzs1l{c*;<) o}ux#X\ o^mwG= xa +%?G*B h tCzK\ śL7%ArW|koNk0l^/@-l߽&BS+3YiI-ڦ#l(I#8ۀچc 噘xQT~uσdhkk"A 9畲] -_ߩ}&:PAm AɼWYIj:"EUJD:`ѿ6F3VL 2RJ6E50j`pEDStrM;{iM sZ;xgd_^"6X8oIkuF[Ӷ I,b'L$?A1D bXGjw.P5Fg.&GDtgpq}:=Brя"v`Oj{ es:7>k_A'-gǬjgmΰ?=2@3* I7~^G%H#k'׻g@amIYx ͦ l1 m0@y uM|y#ou?.&cu(,!@5\?ԝ:ST-A$ZD!pSȯݜ^[I'Hr!Dz'5aLu7P;ɫlNz ԣ:BMqŷWT#j%x7נ7^6T3#6z^C Kk&t];X{y ֵ/mLtX8Ow| e-JMD0J ;JJYTjG^'\YiJU`c6 c2Tg 3hye`=Xm~rY/*[ocV; R`* erO}TK[\JH`o2g9Yts@>- ''+j w w-rÐ\C/Ԯ=ć<&AD+~ +^V"WWc -z2:Q 9F;1CWIе6A\Π{3EF-h>#Թ|A+1߯m9d0؞`/,9+PsxfVؖUm}qV΍R)q2ȹ莥c6#sz)%/Hk7"Y lgQrC,?y`hîĈVRR>dD9m A&W1˜"xxa aF a?ϪͲ;IoP}sY?e=a ' 2u?|{y BJG?Jm~#}}*H4;"#n4V~1}Mz&`CqNrtGw%eRS{ٓK:8ף/|T1/b#-ᰔ#>I]11K= o 8pbY`Oh$}b cBZp4aw+?/7W]@)a#}~L-ƞ D´"c)41GJ["1}s?nI79kNS-i`Ik„0#ld Dps}CHJ 1-J r {fĔy9d %6:݋N1Js\-u#@e=DqE X_$)FKB?'(]hWO iN9?ϴrʡ-4~//E|9s _ /}/s{ ̡%%e^^'UWsN9 S~ 90W9{s#?W0~W9ׁwr?/r qP: Mtn]@?V_s^99@9ۼrosڿ\'I97sy S89B8_y Oy射:)?}VQ<_`k9t _us̭L_'BX\jvr+~=o /dew44vYA- {}ys`˼7,(^xTHyE#.ȭ-'Hl]=g%%x=0?Mu{.1پWߕ\)ܼ}:qOkXE9s8WɴFVی KgD4+{HO9}z[4G8q=Pޛ.vZFn@x> Okz>s<[~r^<^ȬUU5lNA6KրE>Yݱxlߧx.؅%OsWYz-KaaP$П |o@/Ogu޿tكЯ Һj^[3K쓭º>'a=&^*gB8D#7@jer ErG!<螩z$oF# MH|3r7ؕҤN t U5m_oR-W+w俒$2 G b2jJUNl*Ay 0XR/s>P`24UF` Ԋz!OJ14`­tKo1;BDO"Ч# ov̺6beL jfE߰Raw8cRKx;H0HL\Ocg~=s] XI =*4[A0żYǤi"`ɮ41lu¿O6г)(H' ?n 3I@yg=M zy<8JN)ÏYF D\fhAr&߼=jF U*AZ`YIE?q Z<6T߱ hCɉؼ&1s8.+cm{i,*>Xv;i;{>MML&x %\Q]] pW,){+z#cE Vj 괯M"05T7m>g̶ UF\|gȌQ)x>sA}F垓gg_6b Gy&3@3p6+7[3U)֜6/gзd쥽%˷}Yq v|.}zxF{%4}GRݤ#K7"%ioPm J0G`{ , CQ6Lvo>c? `vwf9zyOe]ZQYɶy S~nO(#o݂k\+<>ciЄ.Yp멎m,U|JA1Y<&[z[#*>2~ lx_Oexƪ~Qxh=' 3h m(IS` /@^nTV?[ r@c7cܢ\nO\jӟ&H.\@vbbq Y9gf;i 2 Ǣ8&U]566s֨N`^ۺKAѮx籺nat`[x)k^F:=Ou`H؂{!mR>L1e~}J<3G(u<,@cqt3#;Ηo,^zeXٽ&gP9N]]Plã5,Wc<-<P8_A^u.vrmnBQXƪa#mhT4X )^VDns^mǺoye ۊ|Va=t+a:igNb+c/χŀ-[g_qxFN|,X:ˇlg)C2^#s!YX&7$I /kta( aaɗvX4.>Ͻn̮]2fxDx\N\oRL xT$(DzU]Z 12%o,/`kV"Fz 'gE= !_5>g~C{%9:a/W54Ƙ]>zT< W{څGSE6:|,݀bVS"N$J i-9O)N*D#la, !r3 KEV z.3R/4yq{ϢQəȩ8vU_|JѬd;L/f((ʓ}E.tʢbG T*/;vV/ <\e!$oꎾV;yv<;Jjtۿ a ѸTÓ߶{KO:,غqK'||:mEKBӹ9meA0|icEg0m\}l4Gn&_!!?[eUUSA$ᑭ7}M1uc*@ٯ6vFًᷞfSذM*d.%r R[_gЧDN&N㇅ wE&l)vsmb-6C-;x)