Mozilla has acknowledged a new flaw in Firefox and SeaMonkey that
attackers could exploit to bypass security restrictions and hijack
targeted machines. The latest versions of those programs correct
the problem.
A regression error occurs when the programs process certain IMG
tags. Attackers who successfully lure users to a malicious Web page
could then exploit the flaw to bypass restrictions and run
arbitrary code.
The flaw specifically affects Firefox versions 1.5.0.9 and
2.0.0.1, and SeaMonkey 1.0.7.
Users will be protected from the flaw by upgrading to Firefox
2.0.0.2 or 1.5.0.10, or SeaMonkey 1.1.1 or 1.0.8.
Mozilla released those versions last week to
fix more than 10 other Firefox flaws that digital miscreants could
exploit to circumvent security restrictions, conduct cross-site
scripting attacks and access sensitive information.
Mozilla 2.0 has suffered from a variety of flaws
since its release last October.
Mozilla security chief Window Snyder said in a recent interview
that Mozilla tries to issue a security upgrade every six weeks or
so.
"We're continuously looking for vulnerabilities and continuously
fixing them," she said at the time. "Users don't have to wait for
the next version of the product to get a lot of the benefits of the
security work we're doing. They get it on a regular basis."
She made that comment after being asked if the frequent security
updates are an indication that the open source browser isn't as
ironclad as supporters boast.
Firefox is often touted by fans as a more secure alternative to
Microsoft's much-attacked Internet Explorer.