Mozilla on Sept. 14 reissued the popular open-source Firefox Web browser, and its email counterpart, Thunderbird, with new security and stability fixes. Each of the open-source apps rolls to version 1.5.0.7. Firefox 1.5.0.7 comes with fixes for half-a-dozen minor security vulnerabilities. The first of these is a patch that prevents possible XSS (cross-site scripting) attacks that rely on opening a previously blocked popup.

Perhaps the most critical of these fixes corrects an implementation error in the RSA security signature verification. The error made it possible for an attacker to forge a signature for an altered message. Another serious problem that has been fixed was that JavaScript could be relatively easily tricked into heap buffer overflows, which in turn could be exploited to run a malware program. The new browser version also prevents malicious sites from injecting content into a sub-frame of another site, which could make an attacker's content look like it was part of the victim site.

The link for this article located at DesktopLinux is no longer available.