Mozilla to Issue Firefox Security Fix
The Mozilla Corporation plans to rush out a minor update to Firefox, numbered 1.5.0.3, in order to address a denial-of-service vulnerability in the most recent version of the open source Web browser. The move comes despite the flaw being rated "non-critical" by security firm Secunia.
The security issue involves an error in the handling of unexpected "contentWindow.focus()" JavaScript calls. A malicious Web site could be used to "corrupt the memory and cause a crash by calling the 'contentWindow.focus()' method on a container with specially crafted content," according to an advisory.
Exploit code for the vulnerability has been released, prompting Firefox developers to quickly patch the browser -- even though the risk of attack is minimal. The decision will, however, slightly push back the next Firefox update.
"What was previously called 1.8.0.3 will shift to 1.8.0.4. 1.8.0.4 will ship on a schedule slightly offset from the original 1.8.0.3 schedule to accommodate the new release in the middle," developers said on Thursday.
"The new 1.8.0.3 release is happening off of a mini-branch from 1.8.0.2 so no action is required to back out patches or stop landing patches for the next release."
The DoS problem affects the latest Firefox 1.5.0.2 build, which was released earlier this month to correct a slew of security-related flaws.