Friday, September 16, 2005

Mozilla Readies Another Firefox Security Makeover


Mozilla Readies Another Firefox Security Makeover: "The Mozilla Foundation has shipped release candidates for a new version of its Firefox Web browser to provide a thorough fix for a known code execution security vulnerability.

The Firefox 1.0.7 makeover comes just one week after a private security researcher posted a proof-of-concept demonstration of a buffer overflow affecting users of the open-source browser.

Volunteers are putting the finishing touches to quality assurance testing, and the update is expected to ship within the next two days, a Mozilla official told Ziff Davis Internet News.

The nonprofit Mozilla Foundation had earlier posted a temporary patch and workaround for the bug, which could be exploited by a remote attacker to execute arbitrary code on an affected host.

The flaw, which carries a 'highly critical' rating from security alerts aggregator Secunia Inc., is due to a buffer overflow error in the 'NormalizeIDN' function when handling specially crafted URLs embedded in 'HREF' tags.

A malicious hacker could 'take complete control of an affected system' via specially crafted Web pages.

However, even as Mozilla scrambled to roll out a comprehensive fix, the researcher who originally discovered the flaw has posted a new advisory to warn that the foundation's temporary fix does not provide adequate protection."

I know that Firefox keeps rolling out new updates and that you are getting tired of upgrading. But keep in mind that Firefox is still a beta, which means it is still in testing. So there are going to be flaws with the browser. That is why they keep having updates to fix these flaws.
