Friday, March 25, 2005

Firefox Security Flaw Fixed

If you are a user of the now-popular web browser, Firefox, you should know that the Mozilla Foundation has issued a patch for a major security flaw in the browser and is advising people to update their software.

The problem is caused by a buffer overflow in legacy Netscape code still included in the browser for animating GIF images. Similar memory problems have affected previous Mozilla browsers and Microsoft's Internet Explorer. An attacker could exploit them by creating carefully crafted image files that, when viewed by a victim in a browser, execute a program and compromise the system.

The flaw was discovered by Internet Security Systems, a network protection company, and patched by Mozilla before the public even learned of the issue.

If you are thinking about trying out Firefox, you should know that the Mozilla Foundation released version 1.02 of Firefox on Wednesday to fix the problem. So, if you go to their website and download Firefox, you will be getting a corrected version. Existing users should go to the website to download and apply the patch.

Mozilla is currently reviewing the roughly 2 million lines of code that make up the Firefox browser to find vulnerabilities similar to those just patched. Last August, the organization offered a bounty to anyone who finds significant flaws in the software. The developers are looking with particular intensity at the legacy code that remains in the browser.
