Network Security & Hardware - eWeek


Battery 500 Project Charged Up over All-Electric Cars
Charting the Final Frontier--Google Maps for Indoors
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Mozilla Plugs Firefox 1.5 Security Gaps



 By: Ryan Naraine
2006-02-02
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Firefox 1.5 gets its first security patch to fix a denial-of-service bug and several unknown vulnerabilities.

The Mozilla Foundation has shipped the first patch for its flagship Firefox 1.5 browser to plug a series of security vulnerabilities and memory leaks.

The open-source group has started pushing out Firefox 1.5.0.1 as an automatic update and recommended that all users apply the upgrade to protect against a known denial-of-service bug and several undisclosed security issues.

Click here to read eWEEK Labs review of Firefox 1.5.

"We recommend that all users upgrade to this latest version," Mozilla said in a note posted online. In addition to security patches and fixes for memory leak issues, Firefox 1.5.0.1 also promises improved stability and improved support for Mac OS X.

Resource Library:

The Foundation did not release details on most of the security flaws being fixed. The published list of patched Firefox vulnerabilities has not been updated to reflect the new browser release.

Over at Burning Edge, a list of notable bug fixes has been documented, but although mention is made of several "security holes," details remain scarce.

eWEEK has confirmed that a denial-of-service flaw believed to be serious enough to cause code execution attacks has been fixed. An exploit for that vulnerability was released in December, but Mozilla downplayed the threat, insisting it was more of an "annoyance" than a serious security flaw.

The exploit was confirmed on Firefox 1.5 on Windows XP SP2 (Service Pack 2) and is caused by an error in the way the open-source browser handles large history information. A successful attacker can fill the browsers "history.dat" file with large history information by tricking a user into visiting a malicious Web site with an overly large title.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.



  Reader Comments: Mozilla Plugs Firefox 1.5 Security Gaps
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Ryan Naraine
 


xr㶲0;; ʷ♵MR-b[^f&uT I)|IzgyoP/gq2DFh4$sW7-gL.\sfS;uA@ Y>%>{ '(+o1mnf]( _h7wGlJ AT1vRM Ɠ5?X1 |+[S}Lq~qlv .hvLIlGtuGѦ%Hxu)t(DHږyH6EGJ;ߣ*C7 ݩx8/DeOXHYɼMcAq45A[h  =k~|Ek0Ni?@Sա*"U{Q5hw/E /B1r!f-{4M*- DFL$؁y$f=Qw^A]õ]ZΑR͌e:o tG ob=uק&Y! .$g >N_FBԿBK8VR=/y y>z:t^u ¿ yo@סn܎}wd&a-Q,s&"U+wS&>dRr[dQȲnMw3a[mѡlطZkuE9,},^/[,\hӟoF_{JU4Eٿ]vή $QPw;@ VҝuP\ti\v?? ǁ#ñ B'?Fj}&UJDZ-i& _?.gN{] x[Kj%٥~hY̞ofV҈ gUUY:lni_Wם^gGם)7f٘Y jiUd\]2,U5M{#kr9n3鐚&tXaV|]kU[_{o!&w@"rVJze_R ?#3p=jIo]}::$7cY>韐/ !}_w nr@ i/],,Y`MImdʩ$S@kNXҬ[cW MZ!rƒ) u$u(7>hr Q@e)#p?݇IhJq䨉k>ذ 1"%iJyO{Ջ"}Et"AͩOW%ތ1E|r'E !\J!=!0!p,j4pOಖyp1Bwެ-ej4ޙϋ~ӲKwqnUO^ S35ލh.B2i%!8W5MGVOL絯Tf~X}U9-zQnʼnl :2X jXR7HaQgtA`:)ҧ!>RӚMCqRO#Gs>H2AG61^zK ucb>'a ;pw>-Fv13{Q {>0iCkJQD4״ l"]LR}l 8d $(s>w[L,)`wCPbL{TM`@#g ,zC @l߃5#~[-[Z6x O͙A }]x~9-RC1@|JIIL"D% R h4AGEBENmbo$HXVphT6ݞH:w@T*esRأXB YX/E_R23#CdɬaX91{MfT`"[ᛥLKak`F\jI$M#AӐIqLZۯ(CeEgl;S8#_Όp?[~8t)iBI ?,xpoFaB?5fѪ)C&=B3A ~6;:-Ȧ5}j0B11 }wʠ:'E_ ۝PޖKGxL(= }Y9&4Y ̇J>5nVAL  |U=kb$`~ }iȜ^dtTRo?mMv;ppZ#{+%UVLG,m+^viz\[6`aPeQ@7MVRQy5:ǮAwm0H{{L'!|2躢΍Gű<bj\X,~)©5r1|jj0!B,Vũ(j^;< 1 ­r]ilu0q`(1Z3:uV*_M;$!W7wIQ)0kM8v9E1ǁ^{E[# F:7a/S" @4 y *Ozq  b (h bAzpS ([XR7,PУGk]W9(#߬0hh<]HzT%דCjvXVkqvJ.΂∣8 ktrFg}qs`ћx?Sc`9g?7`3|x+ߙ[WaeƘ]H`c+0\ +RU0p5K2)N<:ar]TՑn OQGA.C{MtAk[, ܠYAaiϖ}^.-y~R%'؂ޯњ nE`9^R˶SN+X@8u4[\YW` > ~6F8bƏaj4X[ %}gzoB6E׌Lt0ȐNǝWlȡ0tR\AOq?:(TZ7cm{H^ac7U[@oRF)'[WNj&h\JEWDIV`]jX|8.SoR~Qjy6UG3>dߊzf!1@:;J#qSՆnVIu9dLfaNg1•0ck&&w?g`̦v_߯X17(pO,УG'~3O>"Ǥ|e2,tn1a%[œ[2|'@d93NQg |0kռfwṛ: ߀&?\@qc`n} 2v"=zJ*~1'Yo\ ܮ:RJ r1]]2Y1Gci}[Uה1Ze ɲ7)Ь6V#ie.N3)a(&6}j;_&*|)2SG)kEXqk\U C=,N =X畔Z=4¢lz z|Ic#&a\kxk_(uO(Ke嵤:i1RʵRM()BoE잔n,: ĕ,6" l[ ezפ_+Gs;"Jgԋbr{q>'F{4lGj+jBgyr`3O?f#[iYyVum4ItH"5Hq+$˴%I?N0QtA*}/*\$Iv3ҿ﩮 BGDo0|^% RfCZִ2hw ĶVU '}D.,ӄ>zArVS=YKrvzJ5dPeHb.XO}+tS1wOXL\ tKO7ƒ"GUI Dw)Cr޹lKixx\NC R?!hSHv::b3ڌ7MJ,#|axKwD!mE@ }^9`L\X5c-ͅHgZO㪱=#٠j+: ?v}8zd ,F}d3DӼ0hɘAhl7B_7nC]`l]C1o~ˤaW*]c{*{w}wo]VZtC.qB1Vd/)&%ϓy L OK = Fݽ]vBĬxBwdO>^jDc|W92/ [a[C؞qaL2F`G ƔI ic$H)Y4 M _56 Z;a6 *|ZbZyba$\}5 ߈;6bE IMi|o(o&򽡎xk5) kN7_C_bJKдg=.0QQ@(|2.mE.zQv%Fc7Y+x˗iL@4ۺ Y;}_Y7#w:+X'L\rOI3ꖧ,KCuPW=tȅ.6_?}ip8{xf6<uLvGyE ߘ]R@>ė,Dn!" ;y*lw^S0$nTSvX,p0ǸUe"['fo6SMG-d(΁,D83FB\-|v({P>Ɋu1?QBNȃ2 A>s量Bb.5is2PI <9n ) \;K]H8bb?=`[qΧ4Q?ۧiMl,T D_ps&⫔|]*5X%; ʐ.ɼnvԭ$+15VaNcNv` U%VHj;<𵋜Td!s9i'adan2hdy.t2nS?XE' K2њVI VˏW/Ap@ڢI!~#=ڌ,JHl4 "7*蛯;ZȖޑImdx f@]D#Y= S^iƦ:  uWԟXyjQj& '`u'[uS~+!RүTj?@萘C  C@oSF[Ⓔ$mc.)Vrl[cx)+z=XyP9OqpD#8F$7DX='UQ)sahĽ҃PBYM%TNm~^Awe4# j_^.ky.'%Xٔߪho}r 3ۡEYI=I+{KۑKTۯFW4b+R6rweb#עQD4 a{sMS6eK+fzADߗ40uNTwL݋I"Tj%E #u$0D@ɾ |DؚmxU(/2 %q7g7g7g7gw&WՒD_Os2ȋ"]m"SJ7R$w>}@}TTd|MrsB8xق ix̭xW>kB:sSoT5 bC|Xe! ULe5 UUE:<G3B"2֟;$zN/aiǚybus}~:Q4%uo%lO)Ks b9QSBRMUx$nFcIFY 6JXxZ=1hi1zZIS|i $)̽nKHW}NсAnR&URMi8<n\g׾"<.ِ*/Y|'NFȧs^g "OJgj Ym:mRA#1SAA0O{ܦbs˙=0Azԑ-)"\LoE{)}#.˻/plk/ǫ3FBسx;g&zWȀnɴW3tOS~*~*~*~*ub\mb<a۱Yw4 ]iX϶L7%|5u_]=gQ?w6_}bzdUܹN&?_ 6/⥽^FxOȧrܒ\`2^˶$}kc+.?A1D b@/j]L=0&S4AfCԸl`8{~I{ʞVS,JY+ ZI8O:&-x Q)yν/} $6ݓ"fv;"^(W#BֽtPwho?t? b+nb]L5|5ձ h'=dd 7zP]ޣA\ۦ;JDn| Qk"ڃ]DPVôyScWF%3z J 0KAX^q S3&Ib~4#uT_RSw-Zï[#rd! `,%o,"%xa oquQ%,0um/+iyp0^z_1jsϙTh,ZNtVĥ+pL1S%R0ZYE]ɖ1xy[/Oz'5aL7P;IU6'a|QB;@*VH5i3yMq5&@ 6L}^ŠX@kJk&ĀZk׵u3cY<57SYzZ<1xfU'j*%oa0uv=Ԙth 7p cbycqRrPe=B6fkLTp*,Omt{ÚV!s^/ժsZE=4[S(qJ:<}Q-mEJ)!g#y s|rP[˜oW-F]5Φ¶Q䈏ϙ])xo/5!oI{m>a<˜=Μ!9SF;1뮒tڤJ3>нg3B;w^?js~碷 +K9Z`3+nVTm}qV9fk2AJO`Lwtc zXv/>VHՕod]C2G6uE)dλ0wCEvx1q !̆\oX|J7o8f+Hג s) 5_/{ʾR0F$u2Dt083*%2)H9 dU 79_zLi}nOKZ&G6@@P0H4ooQqn#BLk43D0|kXa،N| D(/pYQJNi21S:9nzZ>ZAe YW'>;P!65BA^@Jc>4 5NMo )n}>eЌLjV}QuxS S+S~ ׫ˏ[.wsʑO'c(?^]~ 9͡Gc?AgB󬳺sRhvNrN~\rʿ@<^3>_<@ߋ^}.rsE^^'eN/?C3(?)#/ra|/s2G~.a.sƯ ws.n~+x*kA{9A{9s/(O_r3+}g@M^9M@79_zy[9rֺ…۩QNy*P/nvs ث:WK?s_r AF&话Iz]!,.5PW[k /YSݲWI m{}h}/1^ZF9/Rl29AQFgG6+.ȭ-'Hl]=g%%x=0?Mu1Wvl+x.ߔ[nNJ>z9.~QFxd\$h{dZc+mFDg*}b>Ş_ >Zo.TùLHd v"}M)/09eoE52FXk[MAc>7q>+soA f&}#Km^[#cq}(!3F(K9#*).Y{N6 )4M˚HѝyXI%9wv=鱽$(\d~\e;Tj[en-B`+/2^;'g\zH|c,XoOT*L[s |qK:AN_,s7eQ&PLŽc)JqIȥI񟄷zH,爔事6SAQ^+yJ>? T|- 5G\6LDR }Jm<'6}Fu;H "@g~C{%9w:~0>~09&rX)>ٔ6s޷`=`Z.<',(`,Lv"VTHkMΡmlpR!efƲ"7cP!X]-nB@:S .x C,$ˋ}P cyx ŧ$ASb0xDtƙW3.r +Sq9o/\S,{ٗN[/<|;XYt0y']f*FRqOR||<,)>w3u㖗xty"EmGӽ>igA0}Us1]/ CM+_0dF-<#Dg˳̆UZ*$