Mozilla Patches Firefox, But Site Suffers Brief Outage - InformationWeek

4/18/2005
12:36 PM

Mozilla Patches Firefox, But Site Suffers Brief Outage

Mozilla's browsers have been patched against a half dozen or more vulnerabilities, the open-source group responsible for producing the popular Firefox and the older Mozilla suite said late last week.

The Mozilla.org site was offline and unavailable for nearly two hours Monday, but at the time of this posting, it was back up and running.

Firefox was updated to 1.0.3 and Mozilla to 1.7.7 on Friday; both updates are essentially security fixes that plugged nine and six vulnerabilities, respectively. The most substantial vulnerability was a bug in the JavaScript engine's memory heap management, which was first reported earlier this month.

Other vulnerabilities -- including some that were reported by bug hunters who were paid the $500 Mozilla bounty -- were also fixed in the updates, said Chris Hofmann, Mozilla's director of engineering, in an e-mail.

Danish security firm Secunia tagged the vulnerabilities in both Firefox and Mozilla as "highly critical" and noted that most could let an attacker insert his or her own code onto a compromised machine. In several of the vulnerabilities, however, the end user has to help the attack by, for instance, opening a blocked popup.

"There have been no known exploits of the bugs patched in Firefox 1.0.3 and Mozilla 1.7.7," said Hofmann on Friday. "We work toward getting these updates to our users as quickly as possible."

By Sunday, however, exploits were circulating, according to Finnish security firm F-Secure.

Two of the bugs -- one involving a site's "favicon," the other related to the browsers' sidebar -- could be exploited using proof of concept code that F-Secure spotted on Internet mailing lists. "These exploits allow the attacker to run arbitrary commands on Firefox before version 1.0.3 and Mozilla before version 1.7.7," said F-Secure's Mikko Hypponen, the company's director of anti-virus research, in a blogged alert. "We advise all Mozilla and Firefox users to immediately patch their browsers. Otherwise you might get nasty stuff happen[ing] on your computer just by surfing to the wrong site."

Updates to Firefox and Mozilla are normally posted to the mozilla.org Web site, but neither browser yet features a patching mechanism, so users must download an entire new installation file that, in Firefox's case, runs 4.7MB.

"We encourage all our 45+ million users to download the update," urged Hofmann.

Even while the mozilla.org site was offline, users were still able to grab a copy of Firefox 1.0.3 or Mozilla 1.7.7 direct from the group's FTP server.
