Mozilla Foundation rolls out second security update for Firefox browser

March 26, 2005

The Mozilla Foundation this week released the second major security update for its flagship browser, Firefox. The fix patches a serious flaw in the way Firefox handles animated GIF image files. A browser that encounters malicious code exploiting the flaw could experience a buffer overflow, which could temporarily lock up or "freeze" a user's computer, or even execute arbitrary code that could take over the computer.

The flaw was discovered and reported by Internet Security Systems, Inc. The upgrade was the second major security fix in less than a month for the browser, which has grown in popularity to ten percent of the browser market in the United States.

Although there were no known exploits of the bug, Chris Hoffman, director of engineering at Mozilla, told reporters, "[because] Mozilla is committed to delivering the most secure product possible, we decided to quickly issue an update to patch the bug."

The Mozilla Foundation did not offer any details about the vulnerability, but a second major security overhaul in such a short time underscores the challenges faced by the nonprofit foundation as it goes head-to-head with Microsoft's market-leading Internet Explorer browser.

The new release, Firefox version 1.0.2, "illustrates the dedication of the strong community of developers working on the product," according to Hoffman. "...we’re able to turn around patches much faster than a traditional corporation," he added. Users can download the update at no charge, and can find additional information at the Mozilla website.