New Firefox Updates Eliminate Major Security Flaw
Cybersecurity
SHARE
Facebook X Pinterest WhatsApp

New Firefox Updates Eliminate Major Security Flaw

Written By
Chris Preimesberger
Chris Preimesberger
Feb 23, 2007
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

Mozilla on Feb. 23 released updated versions of the Firefox browser, v1.5.0.10 and v2.0.0.2, for Windows, Mac and Linux, which include the fix for a major security flaw.

The “location.hostname” vulnerability potentially allowed hackers to tamper with authentication cookies for third-party sites, manipulating how Web sites are displayed and how they operate, Mozilla said.

/zimages/6/28571.gifClick hereto read more about the location.hostname vulnerability, and how it could be used to make a malicious site appear authentic.

“We strongly recommend that all Firefox users upgrade to this latest release,” said Mike Schroepfer, vice president of engineering for Mozilla, in Mountain View, Calif.

“This update resolves the location.hostname vulnerability, and other security and stability issues. Thanks to the work of our contributors, we have been able to address these issues quickly in order to minimize the security risk to Firefox users.”

/zimages/6/28571.gifClick hereto read about a critical memory corruption flaw that wasnt addressed by this update.

The updates are available immediately in 37 languages, including French, German, Spanish, Italian and Japanese.

Other security fixes in the new versions, according to Schroepfer, include improvements to help protect against cross-site scripting attacks; an adjustment of Mozilla Network Security Services SSLv2 to stop buffer overflow; the fixing of XSS and local file access by opening blocked popups; the elimination of spoofing using custom cursor and CSS3 hotspot; and the elimination of information disclosure through cache collisions.

/zimages/6/28571.gifFor details on which flaws were fixed in this release,click here.

Firefox 1.5.0.x will be maintained with security and stability updates until April 24, 2007; however, all users are encouraged to upgrade to Firefox 2, Schroepfer said.

Users who already have Firefox 1.5.0.x or Firefox 2.0.0.x will receive an automated update notification within 24 to 48 hours, Schroepfer said. This update can also be applied manually by selecting “Check for Updates” from the Help menu starting later in the day on Feb. 23, Schroepfer said.

The new Firefox v2.0.0.2 update can be obtained here. Firefox v1.5.0.10 is available for download here.

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.
Chris Preimesberger
eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

facebook
linkedin
youtube
rss
x

Company

About us Contact us Advertise with us

Categories

Latest News Resources Artificial Intelligence Video Big Data & Analytics Cloud Networking

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information