Wednesday, December 20, 2006

FireFox Update

Mozilla has released an updated version of both their Firefox 1.5 and 2.0 versions. If you use Firefox, you may have been already notified by your browser that updates were available. If not, go the Mozilla website and download the latest version. It will install right over your existing version in less than a minute.

In addition, if you use the Mozilla e-mail program, Thunderbird, you also should update your software if you haven't been already notified. If this seems like a lot of updates all at once, well, it is. Mozilla has labeled most of the updates "critical," while security-firm Secunia has rated them "highly critical." So apparently something was found that needed to be fixed right away.

The folks at Mozilla were a little less than forthcoming regarding the updates. According to their published statement, "As part of the Firefox 2.0.0.1 and 1.5.0.9 update releases we fixed several bugs to improve the stability of the product. Some of these were crashes that showed evidence of memory corruption and we presume that at least some of these could be exploited to run arbitrary code with enough effort."

The updates patch a wide range of flaws in Mozilla's products, from problems with RSS feeds to the way that JavaScript is used in e-mail. Mozilla recommends that users disable JavaScript in Thunderbird to prevent unauthorized code from affecting their systems. Other problems fixed by the latest round of updates include the way the browser renders graphics on certain Web sites and the way it renders custom cursors through CSS, or Cascading Style Sheets. The latter problem can lead to buffer overflows, in which a piece of software attempts to use more than its allotted memory and sparks a system crash as a result.

Despite the newly patched flaws, Mozilla's browser is widely believed to be safer than Microsoft's Internet Explorer, which suffers from countless hack attempts on account of its popularity. Even so, if you use Mozilla products, do the updates, if you haven't already done so.

No comments: