A number of security flaws, some of them serious, have been discovered in older 1.4.x versions of the Mozilla browser suite.
The Mozilla Project has released updates to the current versions of Mozilla, the Firefox stand-alone browser and the Thunderbird email application - Firefox 0.9.3, Thunderbird 0.7.3 and Mozilla 1.7.2 - to deal with security flaws that may have carried over from version 1.4.x. Linux vendors such as Red Hat also released a patch for Mozilla 1.4.x that fixes the bugs.
Some of the bugs could allow an attacker to execute arbitrary code on a system, but most do not affect the most recent versions of the software.
The Mozilla Project said it believed four of the bugs did affect Mozilla 1.7.x. These include the libpng flaws, two spoofing bugs and a CA certificate flaw that allows a denial-of-service on SSL pages. The libpng flaws could be used to execute arbitrary code on a system by tricking a user into viewing a specially crafted graphics file.
Red Hat has published an advisory, and the most recent Mozilla software is available for download.
In an effort to encourage researchers to report flaws in Mozilla's browsers, the Mozilla Project recently announced an initiative to award a $500 cash prize for finding critical bugs. Company officials admitted, however, that the sum was nominal - more of a "thank you" than a serious incentive.