RealTime IT News

New Firefox Kills Bugs

The first new Mozilla Firefox point release of the year is now out addressing a number of bug and security issues. Overall, Danish security firm Secunia rates the aggregate of all the security issues "highly critical."

When you dig down into the actual security issues, though, there is only one that Mozilla, publicly at least, has labeled "critical."

Firefox 1.5.0.1 fixes one critical security issue referred to as "Localstore.rdf XML injection through XULDocument.persist()." The vulnerability could have potentially allowed a hacker to inject XML that could include arbitrary JavaScript commands to run on the user's PC.

Also in the release are four moderately critical security issues that address cross-site scripting and systems-information exposure issues. At least three security issues that Mozilla has rated as "low" are also addressed in the update.

In addition to security fixes, the 1.5.0.1 release indicates that there are 12 notable bug fixes in the update, ranging from a printing area bug to a copy and paste bug.

The new release also fixes six different crash conditions. One of the fixed crash conditions trigged a crash in the browser when a user attempted to print a text selection.

That bug is the fifth-highest-rated crash as ranked on Mozilla's Topcrashers site.

Memory leaks are also addressed in the new release with two different leak conditions fixed.

All the bugs and security fixes addressed by the 1.5.0.1 release are also reflected in Firefox's SeaMonkey.

In March, Mozilla announced it would no longer officially release its namesake Mozilla suite, which was developed under the code name "Seamonkey."

The Mozilla suite included both browser and e-mail components and was considered by some to be bloated, hence the focus on the leaner code bases of Mozilla Firefox for browsing and Mozilla Thunderbird for e-mail.

A group of non-Mozilla Foundation developers banded together to form the SeaMonkey Council and this week released SeaMonkey 1.0.

This week also saw the first public beta of Microsoft's challenger to Mozilla's innovation, IE 7 beta 2.