Application security, Patch/Configuration Management, Vulnerability Management

New Firefox version includes security fix

Mozilla is encouraging Firefox users to install a newly released version that contains security fixes.

Version v1.5.0.5 first became available on Mozilla's website on Wednesday.

Security researchers also warned this week of a newly discovered trojan that takes advantage of a Firefox flaw and can relay personal information from an infected PC.

Users of Firefox 1.5 were to receive automated update notification within a day or two, according to an advisory from the Mozilla Developer Center that advertises "significant security and stability improvements" in the new version.

Secunia released an advisory for a dozen flaws in Firefox today, including multiple vulnerabilities in JavaScript references. The flaws could allow cross-site scripting, DoS attacks and system access, according to the advisory.

McAfee warned Firefox users on Wednesday about the FormSpy trojan, which is automatically downloaded to PCs already infected with the Downloader-AXM trojan.

Once downloaded, the trojan sends information submitted to the browser to a malicious website. The malware is also capable of sniffing passwords from ICQ, FTP, IMAP and POP3 traffic, according to a McAfee advisory.

Mike Schroepfer, Mozilla vice president of engineering, urged caution on Thursday.

"While this malware is trying to mask itself by corrupting a Firefox installation, it is no different from any other malware that a user might be tricked into installing from a spam email or a malicious website," he said. "We encourage people to be careful when installing software from unknown sources, especially files linked to or as attachments to emails. We will continue to work closely with the anti-virus vendors to assist in any way we can."

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.