The Mozilla Foundation has released the latest version of its Firefox Web browser, 1.07, which fixes several security problems, including a brand-new one.
While it took Firefox developers longer than they had expected to repair the popular Web browser, the latest fix is now available.
The new Firefox fixes a security hole that a remote attacker could have exploited to execute arbitrary code on an affected host.
The flaw, which carries a “highly critical” rating from security alerts aggregator Secunia Inc., is due to a buffer overflow error in the NormalizeIDN function when handling specially crafted URLs embedded in HREF tags.
In theory, a malicious hacker could haven taken “complete control of an affected system” via specially crafted Web pages.
A proof-of-concept demonstration had also been published to show that such URLs would also force Firefox to crash.
The new Firefox also fixes other security problems.
Chief among them is one also reported by Secunia on Tuesday, which potentially could have hit systems running Firefox on Linux and Unix systems.
This “highly critical” rated hole is actually a shell script problem rather than a Firefox problem per se. The shell program used to launch Firefox can also process shell commands. So, if Firefox is called by a trick URL, which contains commands, those commands, as well as Firefox, will run.
In practice, this flaw could be exploited by tricking users into clicking on a poisoned link in an e-mail message. Then, when the e-mail client calls Firefox to display the link, the commands would also run.
This kind of security hole, using backticks to run an external program within a command line or e-mail link, is a well-known one in shell programming and scripting languages like Perl circles.
This vulnerability, discovered by Peter Zelezny, has been confirmed in Version 1.0.6 on Fedora Core 4 and Red Hat Enterprise Linux 4. Other versions and platforms may also be affected.
The new Firefox also includes stability fixes. For example, until now users who tried to use a PAC (Proxy Auto-Config) script with an “eval” statement found that Firefox crashed for their troubles. This new version will process PAC scripts correctly.
Firefox 1.07 is available now for Windows, Mac OS and Linux in English. Versions for other languages will be out shortly.