Firefox 1.0.7 Fixes Security Glitches

By Geoff Duncan September 23, 2005

On Wednesday, the Mozilla Foundation released Firefox 1.0.7 for Windows, Mac OS X, and Linux; the new release includes a number of minor changes, but most importantly fixes two potentially serious security issues which have been widely publicized in recent days.

The most-reported problem fixes an issue with Firefox’s International Domain Name (IDN) feature, which enables Mozilla products to display and resolve Internet domain names using international and/or non-Latin character sets. Links pointing to a long domain name composed entirely of dashes could trigger a buffer overflow which (in theory) could have enabled an attacker using a carefully crafted link to execute arbitrary code on a user’s machine. Although there have been no known exploitations of this problem, Mozilla quickly posted information on how to disable IDN while they worked on a solution.

A second serious issue potentially enabling malicious URLs to execute shell scripts under Linux is also addressed in the FireFox 1.0.7 release, along with a potential crash using certain Proxy Auto-Config scripts and some bugs with earlier editions of FireFox which were re-introduced with previous 1.0.x security updates.

The Mozilla Foundation encourages all Firefox users to download and install the 1.0.7 update, which is all well and good; however, repeated attempts to download the update from the Mozilla.org site have failed for more than 30 hours, delaying access to (and coverage of) this update. The Mozilla Foundation has been repeatedly asserting that its response to security issues in its products is more rapid than commercial developers like Microsoft, but the speed of a security fix is immaterial if impacted users cannot acquire the update.

Editors' Recommendations

Former Digital Trends Contributor

Geoff Duncan writes, programs, edits, plays music, and delights in making software misbehave. He's probably the only member…

Computing

How macOS Sonoma could fix widgets — or make them even worse

Apple's 15-inch MacBook Air on a desk, with macOS Sonoma running on its display.

At its Worldwide Developers Conference (WWDC) earlier this year, Apple revealed that interactive widgets would be coming to macOS Sonoma. That probably sounds like a tiny new feature, and sure, it’s not as earth-shattering as the Vision Pro announcement. But it could turn out to be one of the most divisive new features in the Mac operating system.

In macOS Sonoma, you’ll be able to plant widgets on your desktop instead of hiding them in the Notification Center. Many widgets will be interactive, letting you tick off to-do list items without opening the widget’s app, for example. And you’ll be able to run iOS widgets right on your desktop, even if that app isn’t installed on your Mac. It’s a pretty comprehensive overhaul. Depending on how well these interactive widgets work, though, we could be left with a bunch of annoying distractions or a set of super-helpful timesavers. The way Apple handles them is going to be vital.
We've been here before

Computing

This macOS concept fixes both the Touch Bar and Dynamic Island

Concept of macOS dynamic dock.

What if your macOS dock behaved more fluidly, dynamically morphing to show background processes such as download progress, media controls, text messages, and so on?

The following concepts demonstrate "what if" macOS and iOS Live Activities got together and had a child, and they have certainly got my imagination going.

Computing

Is macOS more secure than Windows? This malware report has the answer

A person using a laptop with a set of code seen on the display.

It’s a long-held belief that Macs are less at risk of malware and viruses than Windows PCs, but how true is that? Well, a new report has shed some light on the situation -- and the results might surprise you.

According to threat research firm Elastic Security Labs, roughly 39% of all malware infections happen on Windows PCs. In good news for Apple fans, only 6% of breaches occurred on macOS, making Mac systems far less vulnerable than their Windows counterparts.