Critical Flaws Patched in Firefox

Mozilla said Thursday that it had released Firefox 1.5.0.5, which includes several security fixes and stability improvements over previous versions. It is also expected to be the last version of Firefox before developers turn their attention to Firefox 2.0, due out September 26 according to the latest roadmap.

"Firefox 1.5.0.5 is a security update that is part of our ongoing program to provide a safe Internet experience for our customers," Mozilla said in its release notes for the new version. "We recommend that all users upgrade to this latest version." Users of Firefox 1.0 are also strongly urged to upgrade due to the security enhancements provided.

Among the critical flaws addressed in the new release are a memory corruption vulnerability that occurred after a crash of the browser, four JavaScript issues including one that poses a privilege escalation risk, another memory corruption issue caused by simultaneous XPCOM events, and a code execution risk through a deleted frame reference.

All told, the latest version of the browser fixes some 12 issues; seven rated "critical, 2 "high," and three "moderate" by Mozilla. The company considers a flaw critical if it can be used to run code and/or install software, and requires no user interaction beyond normal browsing.

Mozilla also released Thursday an alpha version of Thunderbird 2.0, the company's e-mail client. According to a list of tentative enhancements, new features will include tabbed messaging, favorite folders, a conversations feature similar to Gmail, and improvements in the handling of junk mail among other features.

52 Responses to Critical Flaws Patched in Firefox

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.