Firefox update patches security holes

The update tackles seven flaws in the open-source Web browser, including four rated "critical."

Dawn Kawamoto Former Staff writer, CNET News

Dawn Kawamoto covered enterprise security and financial news relating to technology for CNET News.

Dawn Kawamoto

Sept. 18, 2006 6:03 a.m. PT

Mozilla has sent out an update to Firefox, designed to address seven security flaws in the open-source Web browser.

Firefox 1.5.0.7, released Thursday, tackles a problem that lets outsiders run code remotely and aims to improve the product's stability.

Of the seven vulnerabilities fixed, four are rated "critical" by Mozilla. The new browser version addresses the circumvention of security via an RSA signature forgery flaw, as well as cross-site scripting vulnerabilities. In addition, it patches a JavaScript regular expression heap corruption issue and a memory corruption issue that could lead to the execution of code.

While the update addressed four critical flaws, it was less extensive than one released in July that contained fixes for seven flaws.

The release of Firefox 1.5.0.7 comes alongside the online publication of exploits to attack Microsoft's Internet Explorer. The 5.01 and 6 versions of the Web browser, running on all current versions of the Windows operating system, are affected.