New Firefox, Mozilla Versions Fix Open Browser Holes

Emergency upgrades address three "critical" security problems.

New versions of the Firefox and Mozilla browsers have been released that address three security problems, including one that was made public last week.

The first fix addresses the bug that was publicized recently, in which an attacker can execute code by using a javascript: URL as the IconURL property. Mozilla is partly vulnerable to this bug.



The other two fixes (involving "Wrapped" javascript: URLs and "non-DOM property overrides") also address bypasses of security checks involving javascript: URLs.

Security updates are getting to be a common occurrence with Firefox and Mozilla. This update is the fourth addressing 32 security holes in 2005.

As with all the other recent security fixes, the new versions are not patches but complete new versions that must be downloaded in full and installed through the normal program installation process. Firefox 1.0.4 for Windows is a 4.7MB download.

Firefox for Windows users can obtain the update using the Tools-Options dialog. Click the Advanced button on the left and locate the Software Update section.

