Firefox updates bring 1.5 to the end of the line

Stephen Withers
Thursday, 31 May 2007 10:48

Business IT - Technology

A "security and stability update" just released by Mozilla for Firefox 1.5 is expected to be the last. Firefox 2.0 was updated at the same time.

Firefox 1.5.0.12 fixes five issues, including one rated 'critical' and another classified as 'high'. The former covers a situation that could potentially have led to the execution of arbitrary code, but it seems there are no known exploits so far. The latter is a script injection vulnerability.

Less serious bugs allowed a denial of service attack via the autocomplete feature, a pair of cookie handling problems, and the ability to spoof browser chrome such as the location bar via XUL popups.

A Linux-only change means the browser now follows GTK settings for textbox keybindings.

Sometime in the coming weeks, Firefox 1.5.0.12 users will be offered version 2 via the automatic update feature. All users of 1.5 are already encouraged to update to 2.0.

All five of the above security issues were also fixed in Firefox 2.0.0.4. Furthermore, it delivers improved support for Vista, Afrikaans and Belarusian localisation, and a raft of non-security bug fixes.

Work on Firefox 3 continues, and the alpha 5 preview is expected this week.