Mozilla users urged to upgrade

US-CERT says earlier versions of Firefox, other Mozilla software contain dangerous flaws.

Users have been urged to upgrade to the latest versions of Mozilla's software to protect themselves from a series of critical security holes.

The U.S. Computer Emergency Readiness Team warned on Monday that earlier versions of Firefox, and other Mozilla software based on Firefox code, contain a clutch of vulnerabilities that expose users to attack.

The Mozilla Foundation released a new version of Firefox last week, version, which it said contained fixes for several security flaws.

According to security firm Secunia, there are a total of 21 flaws in the older versions of Firefox, such as Firefox 1.5, some of which it described as "highly critical."

US-CERT advises people who use Mozilla's e-mail software, Thunderbird, and the Internet application suite Seamonkey to also upgrade to the latest versions (Thunderbird 1.5 and Seamonkey 1.0.1). US-CERT warned that any other products based on older Mozilla components, particularly the Gecko rendering engine, may also be affected.

Firefox has traditionally been seen as being more secure than other Web browsers such as Microsoft's Internet Explorer. This is thought to be the first time that multiple vulnerabilities have been reported in Firefox and the Mozilla suite.

Secunia warned that hackers could exploit the security holes to gain control of computer systems, conduct phishing attacks and bypass security restrictions.

One error that occurs in Firefox would allow arbitrary JavaScript code to be injected into Web pages as they load.

The vulnerabilities were discovered by Mozilla researchers, including Bernd Mielke, Alden D'Souza and Martijn Wargers, as well as by 3Com researchers working on the TippingPoint Zero Day Initiative.

This initiative encourages "responsible disclosure of vulnerabilities" to vendors, to give them time to put out patches before holes are disclosed to the public. TippingPoint started to disclose the holes to Mozilla from December last year.

Tom Espiner of ZDNet UK reported from London.

Featured Video
This content is rated TV-MA, and is for viewers 18 years or older. Are you of age?
Sorry, you are not old enough to view this content.

Details about Apple's 'spaceship' campus from the drone pilot who flies over it

MyithZ has one of the most popular aerial photography channels on YouTube. With the exception of revealing his identity, he is an open book as he shares with CNET's Brian Tong the drone hardware he uses to capture flyover shots of the construction of Apple's new campus, which looks remarkably like an alien craft.

by Brian Tong