12 September 2005
A security issue in the Firefox browser and the Mozilla suite has been reported.
As of this writing there have been no known reported exploits. However, this is a buffer overflow issue that in principle may allow a malicious author of special HTML web pages to remotely execute code on the victim's computer.
All versions of Firefox, including the latest release version 1.06, are vulnerable. The same applies to all versions of the Mozilla suite up to and including version 1.7.11.
The team behind these applications, Mozilla.org, has not yet released non-vulnerable versions of the browsers. However, information about workarounds has been published, and is available here.
One may expect new versions of the browsers without this security flaw to be available soon. Until then, Norman recommends that users follow the advice from Mozilla.org.
Update 2005.09.27
Firefox version 1.07 and Mozilla 1.7.12 have been released. These versions contain important bug fixes for the vulnerabilities described in this security advisory. Norman strongly advises upgrading to the latest versions of the browsers.
Per Olav Førland
