Mozilla Foundation rolls out second security update for Firefox browser
Saturday, March 26, 2005
The Mozilla Foundation released the second major security update this week for their flagship browser Firefox. The fix patches a serious flaw in the way Firefox handles animated GIF image files. Firefox browsers infected by malicious code could experience a buffer overflow, temporarily locking up or "freezing" a user's computer, or even executing arbitrary code which could take over a user's computer.
The flaw was discovered and reported by Internet Security Systems, Inc. The upgrade was the second major security fix in less than a month for the browser, which has grown in popularity to ten percent of the browser market in the United States.
Although there were no known exploits of the bug, Chris Hoffman, director of engineering at Mozilla, told reporters, "[because] Mozilla is committed to delivering the most secure product possible, we decided to quickly issue an update to patch the bug."
The Mozilla Foundation did not offer any details about the issue of vulnerability, but a second major security overhaul in such a short time underscores challenges faced by the nonprofit foundation as it goes head-to-head with the market leading Internet Explorer browser by Microsoft.
The new release, Firefox version 1.0.2, "illustrates the dedication of the strong community of developers working on the product," according to Hoffman. "...we’re able to turn around patches much faster than a traditional corporation," he added.
Users can download the update at no charge, and can find additional information at the Mozilla website.
See also
edit- "New version of Firefox web browser released" — Wikinews, March 1, 2005
Sources
edit- "Firefox gets a GIF-related buffer overflow fix" — NewsForge, March 26, 2005
- Ryan Naraine. "Firefox Gets Major Security Makeover" — eWeek, February 24, 2005
- Paul Thurrott. "Mozilla: We're More Secure Than IE" — WindowsITPro, March 25, 2005