Serious vulnerability is removed form Firefox

13th March 2007

Mozilla has eliminated a critically dangerous vulnerability in Firefox, by means of which trespassers could theoretically run at the remote computer arbitrary harmful code. The bug itself was, identified at the end of last year. The problem relates to the features of processing by Firefox an attribute "src " of "IMG " tag. In December, Mozilla specialists offered disabling JavaScript in the browser as a temporary solution of the problem. However, it became clear soon that even deactivating JavaScript does not exclude the possibility of attacks through the hole. Thus, at the beginning of this month Firefox developers released a patch for the browser. The patch is strongly recommended to users of Firefox versions 2.0.0.2 and 1.5.0.10, as well as users of the package SeaMonkey versions 1.1.1 and 1.0.8. Mail client Thunderbird does not contain this bug. Firefox developers, according to InfoWorld are bering increasingly criticisized by independent experts on security issues. However, in Mozilla they stress that matters of security and reliability are always paid highest possible attention. In particular, it is said that Firefox developers always try to distribute patches as rapidly as possible after the discovery of the hole. At the same time, famous Microsoft typically releases patches for Internet Explorer only once a month.