With Firefox 1.0.4

May 12, 2005 20:47 GMT

The Mozilla Foundation has patched two "extremely critical" security holes in its Firefox browser by releasing an updated version of the browser.

The two flaws reported Monday were given Secunia's highest rating due to exploit code that was already in the wild.

Secunia said they were "extremely critical" because they could have allowed cookie and history information to be used to gain access to personal information or to previously visited sites.

The first vulnerability stemmed from a bug that enables IFRAME JavaScript URLs to be executed in the context of another URL in Firefox's history list. The second flaw involved the update mechanism used by Mozilla.

Mozilla has now recommended people upgrade to the latest version, Firefox 1.0.4, which is a security update. This new version can be downloaded here.

The under-a-week response to the public vulnerability was helped in part by an early jump on the problem, said Chris Hofmann, director of engineering at Mozilla. His group was first notified of the vulnerability on May 2; the news first went public on May 7.

The 1.0.4 update also fixes two other minor security bugs as well as the way Firefox handles dynamic HTML (DHTML).

The Mozilla Suite was updated to version 1.7.8 in conjunction with the new Firefox release.