CYBERSPACE — Webmasters who received an automatic Firefox 1.5.0.2 update on Wednesday may have wondered what was different when version 1.5.0.3 restarted – and webmasters who aren’t set for auto updates might want to visit the Mozilla.com website and pick up the latest patch. At the very least, users of the older version will want to disable Firefox’s JavaScript handling abilities.A zero-day vulnerability was identified for the browser on April 18th on the Mozilla Bugzilla listing and a patch for the critical security hole was released on Tuesday, May 2nd. Left alone, the flaw, which relates to how Firefox handles JavaScript code, could be exploited to install malicious code or crash the browser.
The open-source browser’s 1.5.0.2 version had been released in mid-April and was soon found to have difficulty dealing with malformed “contentWindow.focus()” JavaScript code.
Although several of the 24 bug fixes included in the 1.5.0.2 release were related to JavaScript problems, such flaws are not unfamiliar with the browser or its primary market rival, Internet Explorer. The number of features available in 1.5.0.3 have been reduced in order to hurry the release date of the security fix.
Versions 1.0 of Firefox or 1.7 of Mozilla Suite are not affected by the flaw.
