RealTime IT News

Mozilla Plugs Firefox Bugs

Mozilla Firefox 1.5.0.2 is now available fixing five bugs that developers have tagged as "critical."

Mozilla Foundation Security Advisory (MFSA) 2006-20 is a fix for crashes that were caused by DHTML .

According to the advisory, "some of these crashes showed evidence of memory corruption that we presume could be exploited to run arbitrary code with enough effort."

MFSA 2006-22 is titled, "CSS Letter-Spacing Heap Overflow Vulnerability" and could have potentially led to a condition whereby and attacker could run arbitrary code.

MFSA 2006-24 also carriers a "critical" rating and involves a privilege escalation flaw in the crypto.generateCRMFRequest method.

Versions of Firefox prior to the new 1.5.0.2 release were also potentially susceptible to a flaw which could have put them at risk simply by doing a "Print Preview." MFSA 2006-25, titled, "Privilege escalation through Print Preview," addresses this flaw.

MFSA 2006-28 fixes a flaw that allowed a JavaScript security check function to be circumvented.

The new Firefox isn't just a security update; it also provides universal binary support for Apple MAC OSX on Intel Core processors.

A number of crash conditions are fixed, including the No. 2 most reported crash in Firefox, Bugzilla Bug 317865. The bug is related to something called "last-ditch garbage collection" (LDGC) on the JavaScript allocator.

A bug that caused Firefox to crash when loading Google's Gmail in a separate tab (number 48 on the top crash list for Firefox) is also repaired in the new release.

Firefox stability is improved in the release thanks to a trio of memory leak fixes. One of the fixed memory leak scenarios was triggered by sampling using the "Find" feature in the browser.

The 1.5.0.2 release is the second point upgrade for Firefox this year. 1.5.0.1 was released in February. Firefox's 2.0 release is currently in alpha.