Firefox users, update your browsers.
Mozilla has released its seventh update this year, Firefox 1.5.0.7, which
fixes four critical security issues in the popular open source browser.
Among the four critical issues tagged by Mozilla in the update is Mozilla Foundation Security Advisory 2006-57, which describes a JavaScript
Regular Expression Heap Corruption.
The corruption could lead to a heap
buffer overflow, which could then be used by an attacker to run arbitrary code.
A critical concurrency-related vulnerability is described by Mozilla Foundation Security Advisory 2006-59, which could trigger crashes.
“We have seen no demonstration that
these crashes could be reliably exploited, but they do show evidence of
memory corruption so we presume they could be,” according to the Mozilla advisory.
Another critical security flaw fixed in Firefox 1.5.0.7 also deals with
memory crash conditions that could lead to arbitrary code execution.
Mozilla Foundation Security Advisory 2006-64 actually deals with a number of crash conditions grouped together for the advisory under the title, “Crashes with evidence of memory corruption.”
Mozilla’s advisory notes that as part of Firefox 1.5.0.7, several bugs
were fixed to improve stability.
“Some of these were crashes that showed evidence of memory corruption, and
we presume that at least some of these could be exploited to run arbitrary
code with enough effort.”
The 1.5.0.7 release comes about a week later than it had first been
expected.
As recently as Aug. 30, Mozilla developers had pegged
Sept. 7 as the release date for the seventh update to the Firefox
1.5.x browser this year.
The delay was the result of Mozilla developers issuing a
record-breaking number of release candidates for testing.
Last Friday, Mozilla developer Jay Patel wrote in a posting that, “We had to
take a few fixes late last week and earlier this week, which has pushed out
the release schedule for 1.5.0.7.”
Those late fixes pushed the expected release out to Tuesday Sept. 12.
On Monday Patel revised the schedule again.
“We had to respin for another security bug over the weekend and are now
at rc6 (a new record!],” Patel wrote.