Mozilla Fixes Firefox Security Problems

SAN FRANCISCO -- Mozilla has released a new version of its Firefox browser containing critical security updates. Version 1.5.0.1 of the browser, released Wednesday, also contains a number of "stability" fixes to address problems that cause the browser to gum up the performance of some systems.

Wednesday's release marks the first time Mozilla developers have used the product's new automatic update mechanism, which was introduced with version 1.5 of the browser. The update is available here.

Staggered Updates

By Thursday some users were complaining on online forums that they had not been automatically notified of the software updates, as expected. But the delay is happening because Mozilla is staggering the updates to prevent its servers from overloading, according to Mike Schroepfer, vice president of engineering with Mozilla.

Before this week's software release, the updating service had been evaluated with about 500,000 early testers, and it worked fine, Schroepfer says. "There's no need to panic," he says. "I have high confidence that [all users] will get the update."

'Highly Critical'

The new release's eight security fixes have been cumulatively rated as "highly critical" by security firm Secunia, because some of them could theoretically be exploited to take over an unpatched PC.

However, this risk is mitigated because there is no known code in circulation that exploits any of the bugs, according to Schroepfer. "They're all things we've found internally," he says.

As of Thursday morning, Firefox users had downloaded about 10 million updates, and Schroepfer estimates that another 10 million to 15 million are to come.

Though the new release is not supposed to break any Firefox extensions, some users have reported problems with some of these add-on programs. Marc Orchant, a blogger and a marketing executive with VanDyke Software, says that the update broke 4 of the 20 extensions he uses.

By Thursday morning, two out of his three PCs running Firefox had updated, and Orchant is generally pleased with the experience. "Both of them updated without incident," he says, "and it did a very nice job of telling me which extensions it was breaking for me."

Memory-Use Tweaks

Orchant is also impressed that Mozilla developers took steps to address memory-leak problems that were causing his browser to consume as much as 200MB of system resources at times. "They appear to have fixed the most significant memory leaks," he says. "It seems to be hovering at the 45MB range now."

Also on Thursday, Secunia warned of a "moderately critical" bug in the way Mozilla's Thunderbird e-mail client processes messages that use the JavaScript Web programming language. To avoid any associated problems, users are advised to disable JavaScript and to be careful about opening e-mail from untrusted sources, Secunia says.