Mozilla users warned--upgrade now
By Tom Espiner, ZDNet (UK)Published on ZDNet News: April 19, 2006, 8:11 AM PT
Users have been urged to upgrade to the latest versions of Mozilla's software to protect themselves from a series of critical security holes.
The Computer Emergency Readiness Team (CERT) warned on Monday that earlier versions of Firefox, and other Mozilla software based on Firefox code, contain a clutch of vulnerabilities that expose users to attack.
The Mozilla Foundation released a new version of Firefox last week, version 1.5.0.2, which it said contained fixes for several security flaws.
According to security firm Secunia, there are a total of 21 flaws in the older versions of Firefox, such as Firefox 1.5, some of which it described as critical.
CERT advises people who use Mozilla's e-mail software, Thunderbird, and the Internet application suite Seamonkey to also upgrade to the latest versions (Thunderbird 1.5 and Seamonkey 1.0.1). CERT warned that any other products based on older Mozilla components, particularly the Gecko rendering engine, may also be affected.
Firefox has traditionally been seen as being more secure than other Web browsers such as Microsoft's Internet Explorer. This is thought to be the first time that multiple vulnerabilities have been reported in Firefox and the Mozilla suite.
Secunia warned that hackers could exploit the security holes to gain control of computer systems, conduct phishing attacks, and bypass security restrictions.
One error that occurs in Firefox would allow arbitrary JavaScript code to be injected into Web pages as they load.
The vulnerabilities were discovered by Mozilla researchers, including Bernd Mielke, Alden D'Souza and Martijn Wargers, as well as by 3Com researchers working on the TippingPoint Zero Day Initiative.
This initiative encourages "responsible disclosure of vulnerabilities" to vendors, to give them time to put out patches before holes are disclosed to the public. TippingPoint started to disclose the holes to Mozilla from December last year.
Last try...
Go here.
Try this page instead (Read the rest)
- In that case... Rafterman -- 04/19/06
- At least we don't have to wait a month. CobraA1 -- 04/19/06
- No need to worry Boot_Agnostic -- 04/19/06
- Oh My God!! marbing@... -- 04/19/06
- But, but, but we had "many eyes". No_Ax_to_Grind -- 04/19/06
- Users Won't Upgrade - Here's Why msgvb@... -- 04/19/06
- People please Shelendrea -- 04/19/06
- Why Not Let Users of Firefox know prophotoimages@... -- 04/19/06
- What about Netscape (8.1, etc) ? JLuchford -- 04/19/06
- Too funny. Mo$hilla does it again. xuniL_z -- 04/19/06
- OK, it is annoying having to install patches michael_t -- 04/19/06
- Mozilla users warned--upgrade now Loverock Davidson -- 04/19/06
- This is news? wkulecz -- 04/19/06
- Xenophobia brble -- 04/19/06
- NEWS: ZDnet ON SLOW DRUGS IceTheNet@... -- 04/19/06
- Better late than never ... LilBambi_z -- 04/19/06
- more flame bait FUD corticus -- 04/19/06
- Chicken Little digital@... -- 04/19/06
- That don't confront me, I'm already updated. Mr. Roboto -- 04/19/06
- Stop the Lies about 21 undetected bugs! The King's Servant -- 04/19/06
- Upgrade? arfbsantoso@... -- 04/19/06
- Typical sensationalist FUD from ZDnet mdsmedia -- 04/19/06
- Well obviously since AOL took over Netscape rocketzoom -- 04/19/06
- Hands Up Who Got Paid For Writing Here DontFeedTrolls -- 04/20/06
- How many fell for the Firefox Fable? jpr75_z -- 04/20/06
Add your opinion
RELATED LINKS
recent blogs
- Another hole in Blogger to worry about? Garett Rogers
- Does Edelman need a PR rep? Donna Bogatin
- Apple gives you a virus on iPod, blames Microsoft George Ou
- The "Very cool" moment: Making useful software Ed Burnette
- Pick your poison: Porn or World of Warcraft Mitch Ratcliffe
- See all ZDNet Blogs
Latest Web Tech Content
- Google CEO: Techies must educate governments
- Yahoo invests in two online ad companies
- Universal Music sues two video-sharing sites
- Italy adopts Microsoft anti-child-porn technology
- Listening to cancer cells
- Subscribe to Feed
| CIO Vision Series |
 |
Watch and learn as ZDNet editor in chief Dan Farber interviews CIOs who get innovation and explain how they leverage it in their organizations. |
blogs from our sponsors
White papers & webcasts
- Timbuktu Pro 8.6 for Windows Netopia
- What Business Needs from SOA: The SOA Killer App Mercury Interactive
- Selecting a Flexible, Custom Platform to Automate Your Data Center Management Opsware
- A Practical Guide to SOA for IT Management Mercury Interactive
- The 6 Myths of On-Demand Contact Centers Contactual
- Timbuktu Pro 8.6 for Macintosh Netopia
NEWS ALERTS
Receive instant emails when IT news happens
