Fix in for Firefox bugs

Security update to open-source browser patches several flaws. A similar revamp for Mozilla is on its way.

Joris Evers Staff Writer, CNET News.com

Joris Evers covers security.

Joris Evers

Sept. 21, 2005 11:34 a.m. PT

2 min read

Mozilla has released an update to Firefox to fix several serious security flaws, including a recently disclosed bug that could let attackers secretly run malicious software on PCs.

Firefox 1.0.7 was issued late Tuesday, a representative said. A new Mozilla Suite 1.7.12, containing the affected Mozilla Web browser and other tools, will follow by the end of the week.

The releases were expected. A week ago, Mozilla said it would deliver new versions of the open-source software to tackle a number of flaws.

"We're strongly recommending all users upgrade to the latest version," Chris Beard, head of products for Mozilla, said on Wednesday. The organization is not aware of any public exploits for the flaws fixed in the update, he said.

The primary reason for the updates is to patch a vulnerability that was disclosed two weeks ago and that affects all versions of the Firefox and Mozilla browsers, Beard said. The flaw lies in the way the applications handle International Domain Names, or IDNs, which are Web addresses that use international characters. Hackers have apparently been working to exploit the flaw, which could let attackers run code remotely on vulnerable computers.

The patched software also addresses a problem that affects only the Linux versions of Mozilla and Firefox--an issue only made public on Tuesday. The security hole lies in the way the browsers handle Web addresses from other applications and could let an intruder gain control over a PC, according to the French Security Incident Response Team, or FrSirt.

Firefox 1.0.7 is available on the Mozilla Web site and will be pushed out through the update feature in Firefox in the coming days, Beard said. People will have to download the full new browser. The next version of Firefox--release 1.5, due by the end of the year--will have a better patching mechanism that will let people download just the fixes, he said.

Firefox has risen in popularity in recent years as a viable alternative to Microsoft's Internet Explorer. Although its market share slipped slightly recently, researchers estimate that between 8 percent and 9 percent of the Internet population uses the open-source browser. Mozilla itself estimates that between 40 million and 50 million people use Firefox.

Security has been a main selling point for Firefox over Internet Explorer. However, Firefox has had its own security woes. Numerous serious holes in the browser have been plugged since its official release. Earlier this week, security company Symantec said more bugs have been found in Mozilla browsers than in IE in the first six months of 2005.