Firefox Flaw Carries Code Execution Risk

 
 
By Ryan Naraine  |  Posted 2006-05-03

Mozilla releases Firefox 1.5.0.3 to correct a "critical" denial-of-service vulnerability that could have serious ramifications.

A new version of the upstart Firefox Web browser has been released to patch a "critical" flaw that could lead to the execution of malicious code.

According to Mozilla, Firefox 1.5.0.3 fixes a publicly reported denial-of-service bug that can theoretically lead to a more serious security issue.

Mozilla described the flaw as a set of crashes that were found to stem from the same root cause: an attempt to use a deleted controller context when designMode was turned on.

"This generally results in crashing the browser, but in theory references to deleted objects can be abused to run malicious code," the open-source group said in an advisory.

Older clients, including Firefox 1.0.x and the Mozilla Suite 1.7.x, are not affected.

The patch comes just weeks after the release of Firefox 1.5.0.2 as a "significant security and stability" update.

Firefox 1.5.0.2 also shipped with native support for Macintosh with Intel Core processors and improvements to product stability. In addition, it was fitted with several improvements for the Japanese locale, and fixed common crashes and performance problems, including several known memory leak issues.
