Firefox, Mozilla Users Told to Upgrade
Users of the Firefox Web browser are being urged to upgrade as a government computer security agency warned of multiple vulnerabilities in earlier versions of the software. The group recommends upgrading to the latest Firefox release available, which would be 1.5.0.2.
Security firm Secunia has posted an advisory mirroring the United States Computer Emergency Readiness Team's warnings, which it posted April 14. Rating the issue as "highly critical," the firm says some 21 flaws currently exist in versions of the browser before 1.5.0.2.
US-CERT went even further than Secunia, saying there were issues with the Mozilla Web browser, e-mail and newsgroup client, SeaMonkey, Thunderbird e=mail client, and Mozilla Suite. All of those programs include portions of Firefox code that could be vulnerable.
The warnings from both US-CERT and Secunia may begin to dispel the idea that Firefox is much more secure than its Microsoft counterpart, Internet Explorer. It should be noted, however, that so far the number of vulnerabilities discovered within Firefox have been far less than those found in IE.
Of the vulnerabilities mentioned by US-CERT, four deal with JavaScript handling issues, two with XBL, two over CSS issues, two with memory corruption, and another that covers a problem with the way the browser handles display styles.
"The most severe impact of these vulnerabilities could allow a remote attacker to execute arbitrary code with the privileges of the user running the affected application. Other effects include a denial of service or local information disclosure," the agency said.