Mozilla, Opera Plug Security Holes | eWeek

Mozilla, Opera Plug Security Holes

Écrit par
Matthew Hicks
Matthew Hicks
Aug 5, 2004
2 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

The Mozilla Foundation and Opera Software ASA have released updates to their Web browsers to fix a series of security vulnerabilities.

Mozilla on Wednesday posted new versions of its Firefox browser, Thunderbird e-mail client and Mozilla suite that provide fixes to three issues. They include a newly reported critical vulnerability affecting multiple vendors software that uses the library for the Portable Networks Graphic (PNG) image format.

The other two issues, as previously reported, were related to the handling of security certificates in the Mozilla browsers that, among other things, could allow an attacker to lull users into a false sense of security on a site.

Mozilla had said last week that fixes were forthcoming and decided to incorporate them in new versions of its browsers, said Chris Hofmann, the open-source groups director of engineering. The new versions are Mozilla 1.7.2, Firefox 0.9.3 and Thunderbird 0.7.3.

Separately this week, Opera released a new version of its browser, Opera 7.54, to fix a set of security issues. They included a critical vulnerability reported in an advisory from GreyMagic Software that could allow an attacker to gain read-access to a users files and folders as well as to track browsing history and steal cookies.

According to its version notes, Opera also fixed a reported spoofing issue that could allow page content to be loaded without the site URL changing, along with another URL vulnerability.

For insights on security coverage around the Web, check out eWEEK.com Security Center Editor Larry Seltzers Weblog.

Mozilla and Opera make the two most popular alternative browsers to Microsoft Corp.s Internet Explorer, which also has been plagued by security vulnerabilities. Mozillas Gecko rendering engine and code also serve as the underpinnings for the Netscape browser.

For its part, Mozilla is planning to add a new security patch mechanism into its Firefox browser, Hofmann said. Firefox, still in technology preview releases, is expected to reach a full version release this year.

For version 1.0, Mozilla is working on an automated process where users would be prompted when new security fixes are available and be able to instantly update browser components, Hofmann said.

Also earlier in the week, Mozilla launched a bounty program to entice its users and developers to discover and report security vulnerabilities.

Through its Security Bug Bounty Program, the Mountain View, Calif., foundation is offering $500 cash to users who report significant security bugs in Mozilla software. Linux vendor Linspire Inc. and Internet entrepreneur Mark Shuttleworth are funding the program.

Check out eWEEK.coms Security Center at http://security.eweek.com for the latest security news, reviews and analysis.

Be sure to add our eWEEK.com security news feed to your RSS newsreader or My Yahoo page

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.