By Steve Ragan Feb 27, 2007, 16:02 GMT
Mozilla, the makers of the Firefox browser, have released several security fixes. These fixes come in the shape of Firefox versions 2.0.0.2 and 1.5.0.10. There were fourteen fixes in total. Advisories MFSA 2007-01 through MFSA 2007-08 were patched on both the 1.5 and the 2.0 versions.
Three critical issues, two of which were found in both 2.0.0.1 and 1.5.0.9, were patched with the new releases. “Michal Zalewski reported a memory corruption vulnerability in Firefox 2.0.0.1 involving mixing the onUnload event handler and self-modifying document.write() calls,” Mozilla said in MFSA 2007-08. The other critical issue, found in both versions of the browser, was MFSA 2007-01, which deals with various crashes with evidence of memory corruption. Another major patch, MFSA 2007-06, listed as critical on the 1.5 version and only moderate on the 2.0 version, dealt with two potential buffer overflow vulnerabilities found by researcher regenrecht in the Network Security Services (NSS) code for processing the SSLv2 protocol.
There are some reports of unpatched items. One is reported to be a memory corruption flaw that could allow harmful code to be injected remotely if a user were to visit a malicious webpage. Another, minor flaw forces Firefox to open a new window with a blank address bar and the reload button disabled. The odd thing about the reported unpatched memory corruption flaw is that it was in fact patched; Mozilla just did not know they had patched it.
As Michal Zalewski confirmed, something strange happened when Firefox version 2.0.0.2 went live. According to Zalewski, “When 2.0.0.2 went live, some devs noticed that it doesn't crash with my test case, though it still crashes trunk builds. After a brief moment of confusion, they determined that a fix for an unrelated, obscure non-security bug 364692 had altered the behavior this vulnerability depended on, accidentally rendering 2.0.0.2 not vulnerable to the attack. This was then fixed on trunk, and voila. I can't really comment on whether this fixes the problem once and for all, because I haven't really examined the changes implemented for 364692, but yeah, my example no longer crashes the browser for me.”
Firefox 2.0.0.2 and 1.5.0.10 can be downloaded from the Firefox website or via auto update. Firefox is almost at its end of life for those who have not updated. It is said to complete its development cycle on April 24, 2007.