Free Republic
Browse · Search
General/Chat
Topics · Post Article

Skip to comments.

Mozilla Update Fixes Firefox, Thunderbird Security Flaws
CSO ^ | Feb 23, 2007 | Robert McMillan

Posted on 02/23/2007 5:41:39 PM PST by holymoly

Mozilla Corp. has released an update to its Firefox browser, fixing a number of security flaws in the product.

The Firefox 2.0.0.2 release includes a fix for a bug disclosed by security researcher Michal Zalewsky last week. That flaw can be exploited by attackers to manipulate cookie information in the Firefox browser, making it probably the most important fix in the update, according to Window Snyder, Mozilla’s head of security strategy.

"The potential to compromise a user’s account is almost as serious as compromising their machine," she said Friday via instant message. "Since the details of how to exploit the vulnerability are publicly available the risk to users is increased."

The updates also include a fix for a previously undisclosed memory corruption flaw in the browser that could be exploited to run unauthorized software on a Firefox user’s computer.

This flaw could also affect Thunderbird users who have configured their mail client to run JavaScript automatically, something that Mozilla does not recommend. Thunderbird is Mozilla’s free e-mail client.

The patches were released on Friday afternoon and should soon be delivered via Firefox’s automatic software update mechanism, Snyder said.

Mozilla has patched a total of seven Firefox bugs and is also addressing two bugs in Thunderbird.

The latest browser release also includes enhancements to make it run better with Windows Vista as well as support for the Afrikaans, Belarusian, Georgian and Kurdish languages.


TOPICS: Chit/Chat; Computers/Internet
KEYWORDS: mozilla; thunderbird
FYI
1 posted on 02/23/2007 5:41:40 PM PST by holymoly
[ Post Reply | Private Reply | View Replies]

To: holymoly

My Firefox just updated so it's available now.


2 posted on 02/23/2007 5:48:52 PM PST by Bigh4u2 (Denial is the first requirement to be a liberal)
[ Post Reply | Private Reply | To 1 | View Replies]

To: rdb3; chance33_98; Calvinist_Dark_Lord; PenguinWry; GodGunsandGuts; CyberCowboy777; Salo; Bobsat; ..

Mine updated earlier this evening.

3 posted on 02/23/2007 5:50:52 PM PST by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 1 | View Replies]

To: holymoly

4 posted on 02/23/2007 5:54:31 PM PST by martin_fierro (< |:)~)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Bigh4u2

Thanks, just got mine.


5 posted on 02/23/2007 6:03:45 PM PST by doc1019 (If Obama is elected as President, we will become an “Obama Nation”.)
[ Post Reply | Private Reply | To 2 | View Replies]

To: holymoly

Got mine an hour ago.


6 posted on 02/23/2007 6:23:16 PM PST by Lokibob (Some people are like slinkys. Useless, but if you throw them down the stairs, you smile.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: holymoly

I updated my Firefox and it downloaded 1.5.0.10, not version 2.0.

Do I need to uninstall 1.5 and reinstall 2.0?


7 posted on 02/23/2007 6:26:41 PM PST by texas booster (Join FreeRepublic's Folding@Home team (Team # 36120))
[ Post Reply | Private Reply | To 1 | View Replies]

To: texas booster
I updated my Firefox and it downloaded 1.5.0.10, not version 2.0.

Do I need to uninstall 1.5 and reinstall 2.0?

That strikes me as odd.

I can't imagine there would be anything wrong with un-installing 1.5, and re-installing 2.0.0.2.

Just to be safe, you may first want to visit the Firefox Web Forum, and ask there.

8 posted on 02/23/2007 6:42:00 PM PST by holymoly (Molon Labe)
[ Post Reply | Private Reply | To 7 | View Replies]

To: texas booster; holymoly
Doesn't the auto update feature only work on 2.0?

I'm running 2.0 and it hasn't updated autoamatically either...

9 posted on 02/23/2007 6:49:37 PM PST by Ernest_at_the_Beach (The DemonicRATS believe ....that the best decisions are always made after the fact.)
[ Post Reply | Private Reply | To 7 | View Replies]

To: Ernest_at_the_Beach

One of my systems updated and restarted with 2.0 just fine.

My main system did not update automatically, and was running Firefox 1.5.0.09.

I hit the Update button and it upgraded to 1.5.0.10, not 2.0.

No direct answers that I saw quickly on the Mozilla forums, so I uninstalled and jumped to majorgeeks.com for a fresh install.


10 posted on 02/23/2007 6:56:05 PM PST by texas booster (Join FreeRepublic's Folding@Home team (Team # 36120))
[ Post Reply | Private Reply | To 9 | View Replies]

To: texas booster; holymoly

Mozilla is keeping parallel versions of Firefox updated for the time being. Version 1.5.0 and Version 2.0.0 will both receive the security patch. However, after April 24, 2007, only version 2.0.0 will be updated. So you're set until then.
See the page linked below (BTW it hasn't yet been revised to show today's release).

http://www.mozilla.com/en-US/firefox/releases/1.5.0.9.html


11 posted on 02/23/2007 6:56:20 PM PST by CedarDave (Vietnam Vet Remembers -- This Time ... SUPPORT the Troops, COMPLETE the Mission)
[ Post Reply | Private Reply | To 7 | View Replies]

To: Ernest_at_the_Beach
Doesn't the auto update feature only work on 2.0?

Jeez, I don't know. I never use auto update.

12 posted on 02/23/2007 6:57:59 PM PST by holymoly (Molon Labe)
[ Post Reply | Private Reply | To 9 | View Replies]

To: texas booster

So did you upgrade to Version 2.0.0.2 then??


13 posted on 02/23/2007 6:58:24 PM PST by CedarDave (Vietnam Vet Remembers -- This Time ... SUPPORT the Troops, COMPLETE the Mission)
[ Post Reply | Private Reply | To 10 | View Replies]

To: holymoly; Ernest_at_the_Beach

Auto-update should work on both versions. Make sure it is turned on. In version 1.5 go to Tools, Options, Advanced, Updates and check the appropriate boxes. It may however, be set on some sort of a clock that checks once a day when your browser is open, for example.


14 posted on 02/23/2007 7:04:15 PM PST by CedarDave (Vietnam Vet Remembers -- This Time ... SUPPORT the Troops, COMPLETE the Mission)
[ Post Reply | Private Reply | To 12 | View Replies]

To: texas booster

you need to download the mozbackup utility and run it.
This will save all of your bookmarks, passwords, extensions, and all the other addons and stuff you've customized to your FF 1.5.x installation. http://mozbackup.jasnapaka.com/download.php

You can then donload FF 2.0.0.2 and install it as a new installation, and retain your 1.5 installation for the time, just to be safe.

Everything you saved with mozbackup SHOULD be automatically brought into the 2.0.0.2 installation with the new installation wizrd that comes with firefox 2.0.x


15 posted on 02/23/2007 7:13:29 PM PST by JerseyHighlander
[ Post Reply | Private Reply | To 7 | View Replies]

To: JerseyHighlander

the mozbackup will create an achive of your addons and other options and setting for FF1.5

After you install FF2.0 you can use mozbackup to transfer the archive into 2.0 and you'll almost seamlessly transfer to 2.0


16 posted on 02/23/2007 7:15:44 PM PST by JerseyHighlander
[ Post Reply | Private Reply | To 15 | View Replies]

To: JerseyHighlander

Well, coming from a former Soviet block country, I hope it doesn't come with a virus.


17 posted on 02/23/2007 7:19:26 PM PST by CedarDave (Vietnam Vet Remembers -- This Time ... SUPPORT the Troops, COMPLETE the Mission)
[ Post Reply | Private Reply | To 15 | View Replies]

To: Ernest_at_the_Beach

Just got my auto-update notification.


18 posted on 02/23/2007 7:21:47 PM PST by CedarDave (Vietnam Vet Remembers -- This Time ... SUPPORT the Troops, COMPLETE the Mission)
[ Post Reply | Private Reply | To 9 | View Replies]

To: CedarDave

Version 2.0 of Firefox it is. With 5 systems at home I don't do a very good job of keeping my versions in line, unlike at work.

My wife keeps muttering something about the shoemakers children, but I just can't make out what she is saying.

Funny thing, on most M$ products I don't jump out the first day that upgrades are available. With Firefox, Opera, AVG or Folding@Home, I will grab them as soon as I can ...


19 posted on 02/23/2007 7:22:32 PM PST by texas booster (Join FreeRepublic's Folding@Home team (Team # 36120))
[ Post Reply | Private Reply | To 13 | View Replies]

To: JerseyHighlander

Nice utility. It could really come in handy considering that I force my computer customers to use either Opera or Firefox.


20 posted on 02/23/2007 7:23:45 PM PST by texas booster (Join FreeRepublic's Folding@Home team (Team # 36120))
[ Post Reply | Private Reply | To 15 | View Replies]

To: texas booster

Version 2.0 has been out since last November, I believe. Has had two updates; this is the second. I've updated my laptop but not my desktop because one of the extensions I use has not been updated to version 2.0. However, I like the autospell check on v.2 so probably not worry about missing an extension.


21 posted on 02/23/2007 7:30:31 PM PST by CedarDave (Vietnam Vet Remembers -- This Time ... SUPPORT the Troops, COMPLETE the Mission)
[ Post Reply | Private Reply | To 19 | View Replies]

To: CedarDave
BTW it hasn't yet been revised to show today's release

After I did the update to 1.0.5.10 the proper release notes popped up:

http://www.mozilla.com/en-US/firefox/releases/1.5.0.10.html

22 posted on 02/23/2007 7:53:06 PM PST by CedarDave (Vietnam Vet Remembers -- This Time ... SUPPORT the Troops, COMPLETE the Mission)
[ Post Reply | Private Reply | To 11 | View Replies]

To: JerseyHighlander

Excuse my off-the-cuff comment; I was snarly. I've looked further at the program and it seems to be able to perform a comprehensive backup.


23 posted on 02/23/2007 8:05:59 PM PST by CedarDave (Vietnam Vet Remembers -- This Time ... SUPPORT the Troops, COMPLETE the Mission)
[ Post Reply | Private Reply | To 15 | View Replies]

To: CedarDave

Thanks,...I had update on...so maybe tomorrow...I set the flag so he asks me if I want the update....


24 posted on 02/23/2007 9:45:16 PM PST by Ernest_at_the_Beach (The DemonicRATS believe ....that the best decisions are always made after the fact.)
[ Post Reply | Private Reply | To 14 | View Replies]

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson