Skip to main content
  1. Home
  2. Computing

Firefox 1.0.7 Fixes Security Glitches

By

On Wednesday, the Mozilla Foundation released Firefox 1.0.7 for Windows, Mac OS X, and Linux; the new release includes a number of minor changes, but most importantly fixes two potentially serious security issues which have been widely publicized in recent days.

The most-reported problem fixes an issue with Firefox’s International Domain Name (IDN) feature, which enables Mozilla products to display and resolve Internet domain names using international and/or non-Latin character sets. Links pointing to a long domain name composed entirely of dashes could trigger a buffer overflow which (in theory) could have enabled an attacker using a carefully crafted link to execute arbitrary code on a user’s machine. Although there have been no known exploitations of this problem, Mozilla quickly posted information on how to disable IDN while they worked on a solution.

Recommended Videos

A second serious issue potentially enabling malicious URLs to execute shell scripts under Linux is also addressed in the FireFox 1.0.7 release, along with a potential crash using certain Proxy Auto-Config scripts and some bugs with earlier editions of FireFox which were re-introduced with previous 1.0.x security updates.

Related

The Mozilla Foundation encourages all Firefox users to download and install the 1.0.7 update, which is all well and good; however, repeated attempts to download the update from the Mozilla.org site have failed for more than 30 hours, delaying access to (and coverage of) this update. The Mozilla Foundation has been repeatedly asserting that its response to security issues in its products is more rapid than commercial developers like Microsoft, but the speed of a security fix is immaterial if impacted users cannot acquire the update.

Editors' Recommendations

Geoff Duncan
Geoff Duncan
Former Digital Trends Contributor
Geoff Duncan writes, programs, edits, plays music, and delights in making software misbehave. He's probably the only member…
Firefox just got a great new way to protect your privacy
Canva in Firefox on a MacBook.

If you’re fed up with signing up for new accounts online and then being perpetually spammed in the days and weeks after, Mozilla has an idea that could help. The company has just announced its Firefox Relay feature is being directly integrated into its Firefox web browser, and it could help guarantee your privacy without any extra hassle.

Firefox Relay works by letting you create email “masks” when you sign up for new accounts. Instead of entering your real credentials into the sign-up field, Firefox Relay provides you with a throwaway address and phone number to use. Any messages from the website -- such as purchase receipts -- are then forwarded to your real email address, with all the sender’s tracking information stripped out to protect your privacy.

Read more
Common macOS Ventura problems and how to fix them
A MacBook Pro M2 sits on a wooden table with a nice bokeh background.

Apple released macOS Ventura in late October of 2022 bringing several interesting features as well as a few new problems. If you're having trouble after upgrading from macOS Monterey to Ventura, here are some solutions that could help.
AirDrop isn't working

AirDrop is a fantastic feature when it works and incredibly frustrating when it doesn't. A macOS update sometimes leads to AirDrop problems. Luckily a few simple tips can usually correct the problem. The easiest solution is to open the Control Center and toggle AirDrop off and on again. You can also try switching between Contacts Only and Everyone.

Read more
Apple Security Research website launches to protect your Mac
Apple Seurity Research website has resources for bug bounty hunters.

Apple just launched a new website that's dedicated to macOS and iOS security and there are already two blog posts that provide examples of what to expect, one providing a deep dive into memory allocation within the XNU kernel at the heart of all Apple devices, and another discussing the improved security bounty process.

The new website will undoubtedly become a critical resource for Apple security researchers, both providing information and serving as a hub for submitting bounties. The Apple Security Research website is also where you can apply for an official Apple Security Research Device (SRD) to help with identifying vulnerabilities by providing special access to what are normally protected areas of iOS.

Read more