Mozilla Patches Critical Bugs in Firefox, Thunderbird

Written By
Ryan Naraine
Nov 8, 2006

It's a bumper patch day in Mozilla land.

The open-source foundation released a batch of highly critical updates for the Firefox, Thunderbird and SeaMonkey brands and warned that unpatched users face the risk of PC takeover attacks.

The Firefox update applies to Firefox 1.5x and does not affect the newer Firefox 2.0 version. Mozilla says Firefox 1.5.0.x will be maintained with security and stability updates until April 24, 2007. After that, support will only be extended to Firefox 2 users.

The latest patch covers a trio of “highly critical” bugs that could cause security bypass, cross-site scripting, system access and denial-of-service attacks.

The Firefox 1.5.0.8 rollout also corrects an RSA signature forgery bug that was not completely fixed in an earlier patch.

Mozilla said that during the creation of Firefox 1.5.0.8, developers fixed several bugs to improve the stability of the product and found that some of the crashes showed evidence of memory corruption. “We presume that at least some of these could be exploited to run arbitrary code with enough effort,” the group said in the release notes.

Because the Thunderbird mail client shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail, Mozilla is strongly urging users to stop running JavaScript in mail.

“Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript, such as large images or plugin data,” the group warned.

The Firefox update also addresses an error within the handling of Script objects. This can potentially be exploited to execute arbitrary JavaScript bytecode by modifying already-running Script objects.

An unspecified error within XML.prototype.hasOwnProperty can potentially be exploited to execute arbitrary code, Mozilla officials said.
