NEW YORK: Open source developers Mozilla Corp. yesterday released patches for 12 security flaws in the Firefox 1.5 browser and Thunderbird email client. Some of the patches are also designed to stabilize the browser software, the organization said.
The update titled Firefox 1.5.0.4 is the fourth in a series of security updates for the browser's 1.5 edition. Five serious vulnerabilities in the 1.5 could allow hackers to run unauthorized software on systems where these security holes haven't been patched.
Any 1.5 user would easily become a target of such attacks during normal browsing, which made these five flaws critical ones. Attackers could exploit these vulnerabilities to generate buffer overflows after which they could plant and run malicious JavaScript on the system unknown to the user. Of course, the attack can only occur after the user is tricked into clicking on links to a malicious website.
Besides this vulnerability, problems like potential memory corruption, privilege escalation and browser crashing are also fixed.
The Firefox security update is expected to be automatically delivered to systems that have the 1.5 edition.
8 of Thunderbird vulnerabilities, one critical, have also been fixed with this patch update.
Security updates for both, Firefix and Thunderbird will be delivered directly with automatic updates. For more details or to download the browser and Thunderbird, readers may visit the Mozilla Corp. site.
