Firefox Finishes Fire Drill
Mozilla Fixes Flaw, Issues Updated Version 1.04
May. 12, 2005 11:00 AM
A security flaw that allows a malicious site to execute arbitrary code on a user's system through the Mozilla Firefox Version 1.03 browser has been fixed with the issuance of Mozilla Firefox Version 1.04, Mozilla has reported. The Version 1.03 flaw appears to be the first "Extremely Critical" Firefox flaw logged by Secunia, Mozilla says.
Firefox users are encouraged to go to www.mozilla.org to find the new version. ISSJ did this, and found one important navigational issue. The best way to find the most clearly marked patch download is to first go to the original May 8 notification of the problem. There you will find clearly marked information regarding the update, which is known as Version 1.04.
Hitting the May 11 link, which references the "security update," simply brings you to a generic Firefox page. Version 1.04 is the featured version on that page, and this version has eliminated the flaw. However, it may not be intuitively obvious to all users that this is the correct version, as there is no specific wording about the Version 1.03 problems on this page. With an estimated 50 million downloads worldwide, one can imagine that some confusion may be caused by this navigational obliqueness.
The May 8 advisory explains that a successful attack involves exploiting two flaws: one involves tricking Firefox into thinking a software installation is being triggered by a whitelisted site, while the other relies on the software installation trigger not sufficiently checking icon URLs containing a workaround; however, simply disabling software installation (Web Features panel of the Options/Preferences window in Firefox 1.0.3 or the Content panel in the latest trunk builds) eliminates the problem. Now, with Version 1.04 available, the problem has been fully addressed.