Firefox update released
March 25, 2005
Mozilla releases version 1.0.2 of its popular Firefox internet browser, which addresses the latest security holes in the open-source maker's software.
Firefox users need to update their browser software again after the discovery of yet another security hole. Only last month users of the open source browser from the Mozilla Foundation were asked to update to version 1.0.1, after Mozilla issued a patch to counter a security hole that opened users up to phishing attacks.
The Mozilla Foundation now urges all users of previous Firefox versions to update to the current version, 1.0.2, which fixes a potential buffer overflow attack triggered by opening GIF images containing malicious code.
The bug, which could allow an attacker to run arbitrary code on a user's system, occurred when parsing the obsolete Netscape extension. This could result in a GIF processing error leading to an exploitable heap overrun.
The flaw was originally discovered by the security software company Internet Security Systems (ISS), which has increasingly been capturing headlines for discovering buffer overflow problems in key security players' software.
Although no incidents were reported, the flaw could potentially allow an attacker to compromise a computer on which the crafted graphics file has been viewed, resulting in access to personal data by an unauthorised party.
"A patch was produced before ISS alerted the public," said Chris Hofmann, chief of engineering at Mozilla. "The bug patched in this update has no known real world exploits, and we were able to provide a quick response." The flaw was patched before the public learned of the issue, Hofmann added.
Mozilla says Firefox has been downloaded 30 million times since its release last year.
The new version is available from this link.