Mozilla Firefox 1.0.1 Released – Addresses Security Concerns
The Mozilla Foundation yesterday released an update to its award-winning Firefox 1.0 browser. The Firefox security update is available for the 27 million users who have already downloaded the free browser.
“Regular security updates are essential for maintaining a safe browsing experience for our users,” said Chris Hofmann, director of engineering for the Mozilla Foundation. “The Mozilla Foundation has developed a community of users and developers who continuously provide feedback on Mozilla software, and as a result of that constant vigilance, we are able to provide quick and effective responses to security vulnerabilities.”
The Mozilla Foundation evaluates security issues on an ongoing basis and will issue security updates as warranted. The security update for Firefox includes several fixes to guard against spoofing and arbitrary code execution.
The spoof exploits flaws in how the browser interprets the Unicode a character set, which can be used to create “homogenic” attacks, where two different combinations of characters in an HTML link can display the same URL, but send users to different sites. Clients can avoid the attack in Firefox and Mozilla by setting ‘network.enableIDN’ to false in the browser’s configuration.
“This is obviously an unsatisfactory solution in the long term and it is hoped that a better fix can be developed in time for Firefox 1.1,” the Mozilla Foundation said in its advisory. “For now, the Mozilla Foundation (and other browser vendors such as Opera Software) maintain that the problem is mostly the fault of domain name registries and registrars that let people register homographic variants of existing domain names.”
Firefox has been widely praised for its stability, trustworthiness and innovative features including tabbed browsing, live bookmarks, built-in pop-up blocking, and hundreds of available extensions. SC Magazine, a leading security magazine, recently awarded the Mozilla Foundation with its Editor in Chief award. The browser has been downloaded more than 27 million times and is available in 28 languages.
