Mozilla Firefox 1.5.0.2


Recommended Posts

This was great. I got a message box informing me of the already installed update and to restart Firefox. These guy (and gals) have come a long way to make the best browser on the market (IMHO). MS might as well buy Mozilla 'cause that's the only way they'll have a decent browser.

Firefox 1.5.0.2 Fixes 21 Vulnerabilities

The Mozilla Foundation released an update to fix 21 security vulnerabilities in their Web browser, Firefox 1.5 for Windows, Linux, and Mac. If one of your users visits a malicious Web page, an attacker could exploit the worst of these vulnerabilities to execute code on that user's computer, with that user's privileges, possibly gaining complete control of the computer. If you use Firefox on any platform, you should download and deploy version 1.5.0.2 as soon as possible.

The Mozilla Foundation released Firefox 1.5.0.2, fixing 21 security vulnerabilities, as well as a few other stability issues, in the popular Web browser. Many of these vulnerabilities could allow a remote attacker to execute arbitrary code on your users' computers. We highlight three of the more worrisome flaws below:

An integer overflow in CSS Letter-Spacing. Firefox's CSS Letter-Spacing property suffers from an integer overflow vulnerability. By enticing one of your users to a malicious Web page, an attacker could exploit one of these integer overflows to execute code on that user's computer with the user's privileges. If you give your users local administrative privileges, an attacker could potentially exploit this flaw to gain control of their system.

Code execution vulnerability in particular JavaScript method. A flaw in a particular JavaScript method (called crypto.generateCRMFRequest) allows remote attackers to execute code on one of your user's machines with that user's privileges. However, like the flaw above, the attacker would first have to entice his victim to a malicious Web page for this attack to succeed.

Flaws in DHTML handling may allow code execution. Firefox suffers from several security vulnerabilities and crash bugs involving the way it handles DHTML Web content. Some of these vulnerabilities could allow attackers to execute code on your users' computers with their privileges. Like both flaws above, the hacker would have to entice your users to a malicious Web page in order to exploit these flaws.

These three flaws alone should convince you to update your Firefox users as soon as possible. However, if you'd like to know more about the remaining vulnerabilities, check out Firefox's known issues page.

Mozilla has updated Firefox to version 1.5.0.2 in order to correct these security vulnerabilities. If you use Firefox in your network, download and deploy version 1.5.02 as soon as possible.

Windows

Mac OS X

These attacks arrive as normal-looking HTTP traffic, which you need to allow through your firewall so your end users can access the World Wide Web. Therefore, the patches above are your best solution.

Thought that this may help anyone looking for help or downloads!

Firefox 1.5.0.2 Fixes 21 Vulnerabilities

It is Firefox 1.0.8 that has 21 or rather 18 Vulnerabilities fixed, NOT Firefox 1.5.0.2 as it only actually has 7 vulnerabilities fixed. http://www.mozilla.org/projects/security/k...rabilities.html

https://www.neowin.net/index.php?act=view&id=32838&cid=451400

Most of those advisories don't affect 1.5.0.1. The ones at the start say they affect Firefox before 1.5.0.2; the rest say they affect Firefox before 1.5 when in fact only 7 fixes are featured in 1.5.0.2 compared to a whopping 18 in 1.0.8.

By the way for Firefox 1.0.8 unlike what they planned in the past they decided that 1.0.8 will be the last of the old Aviary1.0.1 Branch releases unless something comes up to warrant a 1.0.9

Glad to say that it does fix a few of them.

  • Memory leaks
    • 321283 - Using Find causes documents to leak.
    • 323532 - Leak when using history autocomplete.
    • 323377 - Lots of leaks in nsInternetSearchService.

Yet it may have introduced a whole new BIGGER memory leak...

I've had to regress to 1.5.0.1 to avoid it crashing. The memory footpront is usually between 100MB and 250MB even with just 1 tab open! When it happens I can't even kill the process! I can't even shut down! Has to be a hard power off...

Just compliling some more evidence on another machine to submit a bug.

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.