RealTime IT News

Mozilla Updates Firefox

The Mozilla Foundation has released the latest version of its popular Firefox browser, along with a series of patches intended to prevent spoofing and phishing attacks that have caused the browser to crash.

Firefox 1.0.1 addresses numerous security vulnerabilities and includes approximately 40 other browser fixes, according to the not-for-profit software foundation.

The primary flaw fixed in the updated browser was a vulnerability found in the Internationalized Domain Names (IDN) protocol, which allows the use of certain international characters that look like other commonly used characters.

The IDN vulnerability allows hackers to spoof Web sites through phishing attacks.

The update fixes vulnerabilities that range from "moderately critical" to "not critical"; none are listed as "highly critical," the Mozilla Foundation said in a statement.

"Regular security updates are essential for maintaining a safe browsing experience for our users," he said.

There are no known exploits for any of the vulnerabilities.

The security update can be downloaded at the Mozilla Web site and will be available within a few days through Firefox's automatic update feature.

"I'd encourage users to get this release, especially if they've been prone to phishing attacks or spoofing," Hofmann said in a statement. "A lot of work in this release focuses on those areas."

The Shmoo Group discovered the IDN bug and said it appeared in all browsers, with the exception of Internet Explorer.

The Firefox browser has been downloaded 27 million times since it was released on Dec. 7, according to the foundation.

Opera Software also addressed the IDN flaw this week, as well as several others, with the second beta version of its browser.

The company said the beta includes an answer to the recent security difficulties with Web site spoofing.

The latest browser displays security information inside the address bar, located next to a padlock icon that indicates the level of security present on a site, according to the company. These anti-spoof measures help users make better decisions about the validity and security of visited Web sites.

"One of the most important measures to counter phishing attacks is the use of security certificates," Christen Krogh, Opera's vice president of engineering, said in a statement. "The challenge for browser vendors is to better explain the verification of certificates and to make the user more aware of this additional verification before entering into secure transactions."

The company also addressed the IDN flaw by displaying only domain names from certain top-level domains. This ensures that users who depend on IDN will avoid spoofed sites, the company said.
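
The display policy described above, sketched as an added example (not Opera's or Mozilla's code): an IDN is rendered in Unicode only when its top-level domain is on an allow-list, and the raw `xn--` form is shown otherwise. The allow-list contents, the function names, the sample hostnames and the extra mixed-script check are assumptions made for illustration.

```python
import unicodedata

# Assumption: illustrative allow-list of TLDs whose registries are trusted to
# police lookalike registrations. This is not Opera's actual list.
TRUSTED_IDN_TLDS = {"de", "jp", "no"}

def to_ascii(host: str) -> str:
    """Return the ASCII (Punycode, 'xn--') form that is used for DNS lookups."""
    return host.lower().encode("idna").decode("ascii")

def to_unicode(ascii_host: str) -> str:
    """Return the Unicode form a browser could render in the address bar."""
    return ascii_host.encode("ascii").decode("idna")

def letter_scripts(label: str) -> set:
    """Scripts of the letters in a label, taken from Unicode character names."""
    return {unicodedata.name(ch).split()[0] for ch in label if ch.isalpha()}

def display_form(host: str) -> str:
    """Show Unicode only if the TLD is allow-listed and no label mixes scripts."""
    ascii_host = to_ascii(host)
    labels = ascii_host.split(".")
    if not any(label.startswith("xn--") for label in labels):
        return ascii_host  # plain ASCII name, nothing to decide
    unicode_host = to_unicode(ascii_host)
    # Extra check beyond the TLD policy: a label mixing scripts is suspicious.
    mixed = any(len(letter_scripts(l)) > 1 for l in unicode_host.split("."))
    if labels[-1] in TRUSTED_IDN_TLDS and not mixed:
        return unicode_host
    return ascii_host  # fall back to the raw 'xn--' form

# Constructed sample inputs.
SPOOF = "p\u0430ypal.com"  # Cyrillic U+0430 in place of Latin 'a'
LEGIT = "m\u00fcller.de"   # Latin-only label under an allow-listed TLD

if __name__ == "__main__":
    for name in (SPOOF, LEGIT, "example.com"):
        print(repr(name), "->", display_form(name))
```

Showing the `xn--` form makes the lookalike visible to the user, because the spoofed label no longer resembles the name it imitates.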