Mozilla quashes Firefox JavaScript peril

Vista stability also improved by critical browser update


Firefox users need to update their browser software following the release of updates designed to fix multiple security vulnerabilities.

Security bugs in the JavaScript engine used by the popular open source browser might be exploited to corrupt system memory, a type of attack that could allow hackers to inject hostile code onto vulnerable PCs.

There's also a flaw in the handling of XUL popups that means it might be possible to spoof the browser's location bar, a type of attack that phishing fraudsters would doubtless find useful.

There's little or no evidence that the flaws have been exploited to conduct hostile attacks, as yet. Nonetheless, users would be well advised to upgrade to version 2.0.0.4 or 1.5.0.12 of Firefox, just to be on the safe side. Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail, something that isn't a default setting and not recommended by the Mozilla Foundation.

Thunderbird users who nonetheless run JavaScript in mail received by the email client are advised to upgrade to version 2.0.0.4 or 1.5.0.12 of the software. SeaMonkey application suite users who enable JavaScript in emails need to upgrade to SeaMonkey version 1.0.9 and 1.1.2 for similar reasons.

As well as fixing various security bugs, Mozilla has introduced modifications with version 2.0.0.4 of its browser to enhance stability and improve support for Vista.

More background can be found via an advisory from the Mozilla Foundation here. ®


Keep Reading

In a world where up is down, it's heartwarming to know Internet Explorer still tops list of web dev pain points

Incompatibilities and inconsistent standards support among browsers ensure an ongoing source of headaches

Microsoft drives users to the Edge: Internet Explorer to redirect to Chromium-based browser in November

'Hey, you folks heard that there's this virus starting to spread?' – IE, probably

Azure DevOps Services reminds users that, yes, it really is time to pull the plug on Internet Explorer 11

Ignite Sure, it's still wedged in the OS, but maybe you'd prefer something shiny and Chromier?

We've come to wish you an unhappy birthday: Microsoft to yank services from Internet Explorer, kill off Legacy Edge by 2021

You need to give that plate back to us after you've finished your cake. Yes the fork too. We'll get your coat

F5 emits fixes for critical flaws in BIG-IP gear: Hopefully yours aren't internet-facing while you ready a patch

Not to worry, there are only *searches* several thousand devices apparently exposed online

Nine words to ruin your Monday: Emergency Internet Explorer patch amid in-the-wild attacks

Update browser ASAP after Google gurus spot miscreants abusing bug to hijack PCs

Internet Archive to preserve Flash content for posterity with Ruffle emulator

WebAssembly-powered sandbox promised to be safer than the notorious plugin

If you never thought you'd hear a Microsoftie tell you to stop using Internet Explorer, lap it up: 'I beg you, let it retire to great bitbucket in the sky'

We say take off and nuke the entire codebase from orbit. It's the only way to be sure

Biting the hand that feeds IT © 1998–2020