Firefox Patches Crash Bug &
time to update the millions of Firefox 1.0 browsers that have been
downloaded over the past 11 weeks. The Mozilla Foundation on Thursday
released its first security update to Firefox, comprising a series
of patches intended to prevent spoofing and phishing attacks and
fix glitches that cause the browser to crash.

The security update, Firefox 1.0.1, can be downloaded immediately at
www.mozilla.org, and it will be available within a few days via Firefox's
automatic update feature. "I'd encourage users to get this release,
especially if they've been prone to phishing attacks or spoofing,"
says Chris Hofmann, director of engineering with Mozilla, a nonprofit
software-development organization. "A lot of work in this release
focuses on those areas."

The update covers a handful of security vulnerabilities and approximately
40 other fixes related to browser performance based on user feedback
to Mozilla. The security vulnerabilities range from "moderately
critical" in nature to not critical. None of them are highly critical,
and there are no known exploits for any of the vulnerabilities, Hofmann

One security patch
addresses the problem of international domain name (IDN) spoofing, in which
an attacker could potentially spoof a Web site by using international
characters in its domain name. The fix involves putting "funny-looking
characters" in the susceptible area of the browser, though Hofmann
acknowledges it's only a temporary solution. Security firm Secunia described
the IDN spoofing vulnerability in a bulletin earlier this month.
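
The check below is an added example, not Mozilla's code. It assumes the "funny-looking characters" are the ASCII-compatible (Punycode, xn--) form of an international domain name, and it shows that form for any hostname with non-ASCII labels so a look-alike name is visible to the reader. The function names and the sample hostnames are constructed for illustration.

```python
import unicodedata


def scripts_in(label):
    """Return the scripts (first word of each letter's Unicode name) used in a label."""
    found = set()
    for ch in label:
        if ch.isalpha():
            found.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return found


def review_hostname(host):
    """Return (display_form, reasons).

    display_form is the Punycode form when any label is non-ASCII,
    otherwise the hostname unchanged. reasons lists why it was flagged.
    """
    try:
        ascii_form = host.encode("idna").decode("ascii")
    except UnicodeError:
        # Not encodable as an IDN: show escaped code points instead.
        return host.encode("unicode_escape").decode("ascii"), ["not a valid IDN"]

    reasons = []
    for label in host.split("."):
        if label.isascii():
            continue
        reasons.append("non-ASCII label %r" % label)
        scripts = scripts_in(label)
        if len(scripts) > 1:
            # Letters from two alphabets in one label is the classic look-alike pattern.
            reasons.append("mixed scripts in one label: " + ", ".join(sorted(scripts)))
    return (ascii_form if reasons else host), reasons


if __name__ == "__main__":
    # Constructed samples: plain ASCII, a Latin name with one Cyrillic letter,
    # and a legitimate single-script international name.
    for sample in ["www.mozilla.org", "p\u0430ypal.com", "m\u00fcnchen.de"]:
        shown, why = review_hostname(sample)
        print(shown, "|", "; ".join(why) or "ok")
```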

The update is also meant to prevent cross-site scripting, in which an
attacker gains access to data entered on a Web site by manipulating the

Firefox 1.0 has been downloaded 27 million times since it was released
on Dec. 7. In the process, the no-cost browser has cut into Microsoft
Internet Explorer's dominant share of the browser market. IE's market
share on Windows PCs had slipped to 92.7% in mid-January, from 96.7% in
June, while Firefox's share rose, according to WebSideStory Inc., a Web-analytics
firm that tracks browser usage. WebSideStory is expected to release updated
Web-browser statistics next week.