The first new Mozilla Firefox point release of the year is now out
addressing a number of bug and security issues. Overall, Danish security
firm Secunia rates the aggregate of all the security issues “highly
critical.”
When you dig down into the actual security issues, though,
there is only one that Mozilla, publicly at least, has labeled “critical.”
Firefox 1.5.0.1 fixes one critical security issue referred to as “Localstore.rdf XML injection through XULDocument.persist().” The vulnerability could have potentially allowed a hacker to inject XML that could include arbitrary JavaScript commands to run on the user’s PC.
Also in the release are four moderately critical security issues that address cross-site scripting and systems-information exposure issues.
At least three security issues that Mozilla has rated as “low” are also
addressed in the update.
In addition to security fixes, the 1.5.0.1 release indicates that
there are 12 notable bug fixes in the update, ranging from a printing area bug to a copy and paste bug.
The new release also fixes six different crash conditions. One of the fixed
crash conditions trigged a crash in the browser when a user attempted to
print a text selection.
That bug is the fifth-highest-rated crash as ranked on Mozilla’s Topcrashers site.
Memory leaks are also addressed in the new release with two different
leak conditions fixed.
All the bugs and security fixes addressed by the 1.5.0.1 release are also
reflected in Firefox’s SeaMonkey.
In March, Mozilla announced it would no longer officially release its namesake
Mozilla suite, which was developed under the code name “Seamonkey.”
The
Mozilla suite included both browser and e-mail components and was considered
by some to be bloated, hence the focus on the leaner code bases of Mozilla
Firefox for browsing and Mozilla Thunderbird for e-mail.
A group of non-Mozilla Foundation developers banded together to form the
SeaMonkey Council and this week released SeaMonkey 1.0.
This week also saw the first public beta of Microsoft’s challenger to
Mozilla’s innovation, IE 7 beta 2.