Mozilla Firefox 1.0.7 Release Fixes 2 Major Vulnerabilities

To Avoid Security Problems, Download Firefox 1.0.7 Right Away

Mozilla Firefox 1.0.7 was released yesterday and is now available for download. Fixes are included for the international domain name (IDN) link buffer overflow vulnerability and the Linux command line URL parsing flaw.

There are also other security and stability changes, says the Mozilla Foundation, including a fix for a crash experienced when using certain Proxy Auto-Config scripts. In addition, some regressions introduced by previous 1.0.x security updates have been resolved.

Firefox 1.0.7 can be downloaded from the Firefox product page.

An equivalent update to the Mozilla Application Suite, Mozilla 1.7.12, is expected shortly.

The Linux command line URL parsing flaw could allow an attacker to execute arbitrary commands on a victim's system. The bug exists in the Linux shell scripts that Firefox and the Mozilla Application Suite rely on to parse URLs supplied on the command line or by external programs. If the supplied URL contains any Linux commands enclosed in backticks, these will be executed before Firefox or the Mozilla Application Suite tries to open the URL. Variables such as $HOME will also be expanded.
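The bug class described above, shown as an added example that is not the actual Firefox or Mozilla launcher script: a wrapper that lets the shell parse a URL a second time runs backtick commands and expands variables, while one that passes the URL as a single quoted argument does not. The function names, the `eval` pattern and the sample URL are all assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed illustration of shell re-parsing in a launcher wrapper.
# This is NOT the real Firefox/Mozilla script; all names are hypothetical.

# Stand-in for the browser binary: reports the URL it was handed.
open_url() { printf '%s\n' "$1"; }

# Unsafe pattern: the URL is spliced into a command string that the shell
# parses again, so backticks and $VARS inside the URL are interpreted.
launch_unsafe() {
    eval "open_url \"$1\""
}

# Hardened pattern: the URL is passed as one quoted argument and is never
# re-parsed, so it reaches the browser byte for byte.
launch_safe() {
    open_url "$1"
}

# Check a caller (mail client, chat client) can apply before handing a URL
# to a wrapper it does not control: flag backticks and dollar signs.
has_shell_meta() {
    case "$1" in
        *'`'*|*'$'*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Constructed sample input with a harmless marker command and a variable.
SAMPLE_URL='http://example.test/`echo INJECTED`/$HOME'

printf 'input:  %s\n' "$SAMPLE_URL"
printf 'unsafe: %s\n' "$(launch_unsafe "$SAMPLE_URL")"
printf 'safe:   %s\n' "$(launch_safe "$SAMPLE_URL")"
if has_shell_meta "$SAMPLE_URL"; then
    printf 'check:  URL contains shell metacharacters\n'
fi
```

In the unsafe output the backtick section is replaced by the marker text and `$HOME` by the caller's home directory; the safe output is identical to the input.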

More Stories By Security News Desk

SYS-CON's Security News desk trawls the world of security for news of software, hardware, products, and services that seems likely to be of interest to infosec professionals and summarizes them for easy assimilation by busy IT managers and staff.
