Mozilla has released a new security update for the Firefox Web Browser. Here is what is new according to the Firefox 1.0.7 change log:
- Fix for a potential buffer overflow vulnerability when loading a hostname with all soft-hyphens
- Fix to prevent URLs passed from external programs from being parsed by the shell (Linux only)
- Fix to prevent a crash when loading a Proxy Auto-Config (PAC) script that uses an “eval” statement
- Fix to restore InstallTrigger.getVersion() for Extension authors
- Other stability and security fixes
According to a Secunia vulnerability report, this still leaves Firefox with 3 out of 23 unpatched advisories. For comparisons sake, the Opera Web Browser (which is now free) has 0 out of 8 unpatched advisories and Microsoft’s dominant Internet Explorer has 19 out of 85 unpatched advisories.