IDG News Service - Mozilla Corp. has released an update to its Firefox browser, fixing a known security flaw in the open-source software.
The bug, reported last week, involves the way Firefox handles JavaScript code. It could be exploited by attackers to crash an unpatched browser and, in theory, could also provide them with a way to trick the browser into running malicious code, Mozilla said in a security alert.
The problem has to do with an error caused when Firefox handles certain unexpected "contentWindow.focus()" JavaScript code. It can be circumvented by disabling Firefox's JavaScript handling capability.
Users of the older Firefox 1.0 browsers and the Mozilla Suite 1.7 are not affected by the flaw, and Firefox 1.5 users should soon start to receive software patches under the browser's automatic update system.
Mozilla developers said last week that they had reduced the number of features in the 1.5.0.3 update in order to hasten the release of this security fix.
Release notes for the 1.5.0.3 browser can be found on the Mozilla site.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
