Lilia GuanThe Mozilla Foundation, creators of the popular Firefox Web browser, is encouraging users to download the latest security update to Firefox, made available today.
A month ago Danish security firm Secunia announced that most browsers, including Firefox 1.0.4 was vulnerable and could be exploited by malicious web sites to spoof dialog boxes. The problem was that JavaScript dialog boxes do not display or include their origin, which allows a new window to open e.g. a prompt dialog box, which appears to be from a trusted site.
Firefox 1.0.5 is a security update that is part of its ongoing program to ‘provide a safe Internet experience for Mozilla customers’.
However, Chris Hofmann, director of engineering with the Mozilla Foundation believes “there are a collection of 10 reports that have come in over the past couple of months from security researchers and most of these involve quite a bit of user interaction to participate in the potential exploit,” he said.
He believes these previously undisclosed bugs are generally not considered to be critical and the company recommends that all users upgrade to this latest version with several security fixes and improvements to stability.
According to Hoffman, the company will also release similar updates for Thunderbird and the Mozilla suite would follow later this week. The second alpha for Firebird 1.1 — dubbed Deer Park in an attempt to stop users from trying out the unready browser — would appear.