Mozilla releases Firefox security update

Mozilla's Firefox 1.0.4, released Wednesday, addresses vulnerabilities that surfaced earlier this week. The update includes several security fixes, as well as a fix to DHTML errors that were encountered on some Web sites, according to a posting on Mozilla's Web site.

The update is designed to address the two flaws, which when combined could allow malicious attackers to engage in cross-site scripting and remote system access. Although the two vulnerabilities could be exploited, there were no known active exploits.

Security monitoring company Secunia had rated the flaws as "extremely critical."

The update means that people can safely install extensions from non-Mozilla sites, whereas before they were at risk because of the vulnerabilities, said Chris Hofmann, director of engineering for Mozilla.

Currently, Mozilla has the update out in 12 languages and anticipates sending it out in another 24 languages in the coming days, Hofmann said.

Since the debut of Firefox 1.0 in November, the browser has grown at a rapid pace, passing the 50 million download mark last month.

With its initial release last fall, the open-source browser has demonstrated to analysts that the mature Web browser market dominated by Microsoft's Internet Explorer can be shaken up. Microsoft's IE has begun to see its market share dip slightly--a first in a number of years.

Firefox held 6.8 percent of the domestic market share as of late April, while Microsoft saw its role dip to 88.9 percent, compared with more than 90 percent share last year.

The fast-paced growth of Firefox, however, is beginning to show signs of slowing, according to results released this week by WebSideStory.