Mozilla Updates Firefox Ahead of Black Hat - WinPlanet Windows Software Reviews

You are in the: Small Business Computing Channel

ť ECommerce-Guide | Small Business Computing | Webopedia | WinPlanet |Refer-It

Power Search | Tips

Browsers

Chat / Conferencing

Desktop Utilities

Development

Internet Apps

Multimedia

OS Service Packs

Productivity Tools

Enter a keyword

Newsletters offering Windows news, articles, tips and reviews.

Partners & Affiliates

Small Business Computing

Ecommerce Guide

Webopedia

WinPlanet

WinPlanet / News

Download of the day

• Internet Explorer 8

Most Popular Software Downloads

• Mozilla Firefox 3.0

• QuickTime for Windows

• Ad-Aware 2008 Free

• Internet Explorer 8

• Adobe Flash Player

• Paint Shop Pro

• Windows Live Suite

• AVG Anti-Virus Free

• Winamp

• Spybot Search and Destroy

Most Popular Software Articles

• Windows Vista Tips & Tricks, Part 1

• Windows Vista: Worthy of the Hype?

• Windows Wireless Zero Configuration: Five Steps to Sanity

Software Reviews

Mozilla Updates Firefox Ahead of Black Hat
Mozilla Firefox 2.0.0.6 Released with firefoxurl Security Patch
Sean Michael Kerner

Mozilla has patched a pair of security vulnerabilities in its Mozilla Firefox Web browser just in time for its release of security tools at the Black Hat security conference in Las Vegas this week.

The most notable security fix is the critical fix for a flaw that Mozilla first blamed on browser rival Microsoft. Mozilla Foundation Security Advisory 2007-27 is the open source group's second attempt at fixing a flaw dealing with passing bad addresses and information to external programs.

Mozilla has been struggling with versions of the flaw since it was first when it was first reported July 10. The actual flaw involves the "firefoxurl://" uniform resource identifier (URI) handler, which enables Firefox to call on other Web resources.

In the Firefox 2.0.0.5 release issued July 18, Mozilla claimed to have fixed the flaw and noted that Microsoft still had similar issues and that the fix took care of Firefox.

However, Mozilla Chief Security Officer Window Snyder admitted that Firefox was still at risk from the flaw a week later. She pledged at the time that Mozilla would move quickly to fix the issue properly.

A week later, here it is: Firefox 2.0.0.6.

"Jesper Johansson pointed out that Mozilla did not percent-encode spaces and double-quotes in URIs handed off to external programs for handling, which can cause the receiving program to mistakenly interpret a single URI as multiple arguments," Mozilla explained in its latest advisory.

"The danger depends on the arguments supported by the specific receiving program, though at the very least we know Firefox (and Thunderbird) 2.0.0.4 and older could be used to run arbitrary script."

The second fix in Firefox 2.0.0.6 also fixes an issue in Firefox that Mozilla thought it had fixed in the Firefox 2.0.0.5 release. Mozilla Foundation Security Advisory 2007-20 describes a privilege-escalation flaw.

According to Mozilla's advisory, the flaw was introduced by the fix for a frame-spoofing flaw that was fixed in the 2.0.0.5 release.

In addition to updating Firefox, Mozilla has also updated its Thunderbird e-mail client for the same issues, to version 2.0.0.6 as well. The future of Thunderbird itself is currently in question.

In a series of blog posts over the last week, Mozilla's CEO Mitchell Baker has indicated that she would like to see Thunderbird spun out from under the auspices of the Mozilla Corporation. No decisions have yet been made, nor has a timeline been published as to when Thunderbird might be moved.

The Mozilla release notes for the 2.0.0.6 releases do not indicate whether any flaws were fixed in Mozilla's products as a result of the open source groups own security scanning.

At Black Hat this week, Mozilla is expected to release fuzzing tools that will enable developers to break the browser in order to find and fix flaws.

News courtesy of internetnews.com

July 31, 2007

Download Mozilla Firefox 2!

Download Mozilla Thunderbird!

View All Web Browsers

Contents:
1. Mozilla Firefox 2.0.0.6 Released with firefoxurl Security Patch

Additional Articles:

Mozilla's Newest FireFox Takes Flight

Browser Wars v.2004: Part 1

Browser Wars v.2004: Part 2

Mozilla Firefox's Volunteer Launch Brigade

Rise of the Underdog Browser

Firefox Makes It Official

Add-ons Extend Firefox Growth

Getting the Most Out of Firefox

Firefox Thankful for Strong November

Firefox, Others at Phishing Risk

Browser Wars: Who's Winning, Who's Losing

Firefox Torches Competition for Enterprise Linux Award

Mozilla Updates Firefox

New Firefox Vulnerability Pushes Latest Update

Firefox Update Patches Three in Time

JavaScript Flaw Hits Mozilla Users

Beware the Browser Backlash

Another Flaw Found in Mozilla

Google Extends Firefox

New Firefox Fixes Holes

Firefox Advocate Site Hit by Hackers

Mozilla Goes for More Green

IBM Donates Code to Firefox

Firefox Losing Its Grip?

Mozilla Under Fire

Mozilla FireFox DoS Exploit Code Released

Firefox: Nearly a Year Old And Now 100M Strong

Happy Birthday, Firefox 1.0

Firefox Upgrade Near

Firefox at Critical Mass?

New Firefox Kills Bugs

A Word-Wise Firefox Extension

Mozilla Plugs Firefox Bugs

FireFox Fixes by the Dozen

Goooaaal! Google, Mozilla Kick In Soccer Fix

Firefox 2.0: Mozilla's Tabs Overfloweth

Firefox 1.5.0.5 Fixes JavaScript Flaws

Firefox Is Doing So Well It's Now a Malware Target

Firefox 2.0 Beta Tweaking Its Look

The Firefox, IE Race to The Finish

Firefox Hits Seventh Heaven

Firefox 2.0 Release Candidate Goes Live Today

Double Deuce as Firefox 2.0 Nears Completion

Mozilla Fine-Tunes for Final Release of Firefox 2

Firefox 2.0 Released: 'Bon Echo' Lives!

Firefox 3.0 Already?

Path to Firefox 2.0 Is Cleared

Our Phishing Filter Is Better Than Yours!

Phishers Lurk for Firefox 2.0 Password Manager

Mozilla Fixes Firefox Flaws, Misses One

Mozilla Rakes In $53M

Mozilla Patches Some Firefox Holes

Mozilla Security: More Than Meets the 'Aye'

One Flaw and a First for Latest Firefox Update

Firefox 1.5 Gets Its Last Update

Firefox at Risk Because of Internet Explorer?

Firefox Fixes IE Flaws

Mozilla Firefox Still at Risk

Will Mozilla's Fuzzer Break the Web?

Flaw Still Shadows Firefox

Firefox Gets BitTorrent

Firefox Gets QuickTime Fix

Mozilla Separating Browser from the App

Firefox Fixes Cross-Site Flaws

Firefox Breaks Web Canvas

Warning on Spoofed Login Windows in Firefox

Mozilla Update Quashes Slew of Firefox Flaws

Firefox Update Tackles Pair of Critical Bugs

Search:

Jupitermedia Corporation has two divisions: Jupiterimages and JupiterOnlineMedia

Jupitermedia Corporate Info

Legal Notices, Licensing, Reprints, & Permissions, Privacy Policy.

Advertise | Newsletters | Tech Jobs | Shopping | E-mail Offers

Solutions

Whitepapers and eBooks
Adobe Acrobat Connect Pro: Web Conferencing and eLearning Whitepapers Microsoft Article: Will Hyper-V Make VMware This Decade's Netscape? Avaya Article: Avaya AE Services Provide Rapid Telephony Integration with Facebook Intel Go Parallel Article: Getting Started with TBB on Windows Microsoft Article: 7.0, Microsoft's Lucky Version?		Intel Go Parallel Article: Intel Threading Tools and OpenMP HP eBook: Storage Networking , Part 1 Avaya Article: Speech Sandbox: Application Simulation in Avaya Dialog Designer MORE WHITEPAPERS, EBOOKS, AND ARTICLES

Webcasts
HP Video: StorageWorks EVA4400 and Oracle HP Webcast: Storage Is Changing Fast - Be Ready or Be Left Behind		MORE WEBCASTS, PODCASTS, AND VIDEOS

Downloads and eKits
30-Day Trial: SPAMfighter Exchange Module Red Gate Download: SQL Toolbelt and free High-Performance SQL Code eBook		Iron Speed Designer Application Generator MORE DOWNLOADS, EKITS, AND FREE TRIALS

Tutorials and Demos
Featured Algorithm: Intel Threading Building Blocks - parallel_reduce Silverlight 2 App and Walkthrough: Leverage Silverlight 2 with SQL Server and XML		HP Demo: StorageWorks EVA4400 MORE TUTORIALS, DEMOS AND STEP-BY-STEP GUIDES