Mozilla Foundation prepares third Firefox security update

April 9, 2005

The Mozilla Foundation is in the final stages of preparing the third security update to the popular free Internet browser Firefox.

This update will fix a security issue highlighted by Internet security firm Secunia which allows remote users to read the memory of a computer running earlier versions of Firefox. Information such as the websites the user has recently visited or their e-mail addresses can easily be recovered.

Users can visit the Secunia website and use a test page to see if they are vulnerable and to study the kind of information that the flaw discloses. Secunia currently recommends disabling Javascript in the browser as a short-term measure against the bug.

The release will also fix some bugs discovered in version 1.0.2 and a selection of other security issues.

The third release, to be known as 1.0.3, comes hot on the heels of 1.0.2, released on March 23. As before, users will need to download and install the entire 4.7MB program from mozilla.org, rather than download a Microsoft-style patch. Mozilla is working on an update system that will make updating via smaller patches possible in the future.

This release has had a difficult birth, with initial versions preventing many popular Extensions (user-installed sub-programs that enhance the capabilities of the browser) from operating. Mozilla developers have worked hard on the issue and are now confident that they have plugged security holes in a way which will not cause inconvenience to users.