By Robert McMillan, IDG News Service
Mozilla has released an update to its Firefox browser, fixing a known security flaw in the open-source software.
The bug, reported last week, relates to the way Firefox handles JavaScript code. It could be exploited by attackers to crash an unpatched browser, and, in theory, could also provide them with a way to trick the browser into running malicious code, Mozilla said in a security alert.
The problem has to do with an error caused when Firefox handles certain unexpected “contentWindow.focus()” JavaScript code. It can be circumvented by disabling Firefox’s JavaScript handling capability.
Users of the older Firefox 1.0 browsers and the Mozilla Suite 1.7 are not affected by the flaw, and Firefox 1.5 users should soon start to receive software patches under the browser’s automatic update system.
Mozilla developers said last week that they had reduced the number of features in the 1.5.0.3 update in order to speed up the release of this security fix.
Release notes for the 1.5.0.3 browser can be found here.