Firefox 1.5 Gets Its Last Update

Share it on Twitter  
Share it on Facebook  
Share it on Google+
Share it on Linked in  
Once more unto the breach, dear friends, once more.

Mozilla has plugged a few holes in Firefox 1.5.x for what ostensibly may turn out to be the last time. The final release of Firefox accompanies the release of Mozilla's current standard bearer Firefox, both of which are being patched for at least five flaws.

Only one is critical. Mozilla Foundation Security Advisory 2007-12 details a flaw about a memory crash that could potentially lead to arbitrary file execution.

There is also a fixed flaw for a potential cross-site scripting issue that Mozilla has rated "high impact." According to the advisory, the addEventListener JavaScript method could be used to inject script into another site in violation of the browser's same-origin policy. A malicious user could then use that method to potentially modify or access private information.

One particularly annoying bug related to Mozilla's form auto-complete function has also been repaired in the latest Firefox releases.

Rated "low impact," the flaw could have enabled a denial-of-service attack. Filling a text field with millions of characters and submitting the form will cause the victim's browser to hang for up to several minutes while the form data is read, and this will happen the first time auto complete is triggered after every browser restart.

The Firefox release is expected to be the last official Mozilla release in the Firefox 1.5.x product line, which was first launched in November 2005. The release of Firefox 2.x in October superseded 1.5.x as Mozilla's flagship browser line.

This article was first published on InternetNews.com. To read the full article, click here.

Submit a Comment

Loading Comments...