New Firefox 1.0.7 release fixes critical security bugs

The bugs are being addressed! Yes, with the latest release of Firefox, a number of security issues are in fact, being dealt with.

The Mozilla Foundation (Profile, Products, Articles) has released a new version of its Firefox browser that contains fixes for two critical security bugs in the software that were reported over the past week.

The most widely reported flaw concerns the IDN (International Domain Name) feature that Mozilla (Overview, Articles, Company) products use to process Web pages that do not use the Latin alphabet.

Links pointing to a host with a long name composed entirely of dashes can be crafted so that earlier versions of Firefox will execute arbitrary code of an attacker’s choosing. This means that an attacker theoretically could use the flaw to take control of a user’s machine, by launching what is called a buffer overflow attack. [Read the rest]