Firefox Patched for Netscape-Era Flaw
The Mozilla Foundation has preemptively patched its Firefox Web browser to guard against attacks that could conceivably exploit a hole in Netscape-era legacy code.
The code was used by Netscape engineers as a method to animate GIFs, but lacks protection against specially crafted images that can be used to execute arbitrary code. The exploit was first disclosed by Internet Security Systems.
"To deliver our users the experience they deserve, we must stay ahead of the curve in patching potential vulnerabilities," said Chris Hofmann, director of engineering for the Mozilla Foundation.
"For example, the bug patched in this update has no known real world exploits, and we were able to provide a quick response."
The previous point release of Firefox, version 1.01, inoculated users against potential security threats and included a workaround for a well publicized spoofing vulnerability stemming from the browser's implementation of the Internationalized Domain Names (IDN) standard.
This week, security Researchers at Symantec published a biannual Internet Threat Report that tabulated a total of 21 vulnerabilities, seven of which were deemed "critical," in Mozilla-based browsers in the second half of 2004. Microsoft's Internet Explorer browser suffered nine critical bugs during that time.