Mozilla releases Firefox security update (http://news.zdnet.com/2100-1009_22-5704684.html?tag=nl.e589)
May 12, 2005
By Dawn Kawamoto, CNET News.com

A security update for the Firefox open-source browser has been released by the Mozilla Foundation, a move that follows the public disclosure of exploit code for two "extremely critical" vulnerabilities.

Mozilla's Firefox 1.0.4, released Wednesday, addresses vulnerabilities that surfaced earlier this week. The update includes several security fixes, as well as a fix to DHTML errors that were encountered on some Web sites, according to a posting on Mozilla's Web site.

The update is designed to address the two flaws, which when combined could allow malicious attackers to engage in cross-site scripting and remote system access. Although the two vulnerabilities could be exploited, there were no known active exploits.

Security monitoring company Secunia had rated the flaws as "extremely critical."

The update means that people can safely install extensions from non-Mozilla sites, whereas before they were at risk because of the vulnerabilities, said Chris Hofmann, director of engineering for Mozilla.

Another one! Gee and I never got 1.0.3 downloaded yet!!! Guess this means they will also be fixing the new highly touted "Netscape 8" as well.

You know I'm starting to see a trend there that is not altogether cool in certain respects... If you fix one borwser all the time to find problems to fix in another browser, wouldn't it be evident to the world, sooner or later, that you're fixing twice as many problems as your competition???