New version of Firefox web browser fixes security holes

July 27, 2006 Sophos Press Release

Mozilla has released version 1.5.0.5 of its Firefox web browser, fixing security vulnerabilities
Mozilla has released version 1.5.0.5 of its Firefox web browser, fixing security vulnerabilities.

Experts at SophosLabs™, Sophos's global network of virus and spam analysis centers, have advised businesses and home users to update their copies of the Mozilla Firefox web browser, in order to protect against a number of serious security flaws which could be exploited by malicious hackers.

Firefox version 1.5.0.5 is not connected to Firefox 2.0, the eagerly anticipated major new version of the web browser, which is currently in beta.

"It's critical that users of Firefox's web browser keep updated to protect against security vulnerabilities," said Graham Cluley, senior technology consultant for Sophos. "It makes sense for all computer users to remain alert about the latest security flaws, and ensure they are running the latest patched version of their chosen internet browser."

More information about version 1.5.0.5 of Firefox, and details of the security issues it claims to fix, can be found on Mozilla's website.

FireSpy Trojan horse poses as extension for Mozilla Firefox

The release of the new version of Firefox comes just after news broke of a new piece of malware that poses as an extension to the popular web browser.

The FireSpy-A Trojan horse, also known as FormSpy, infects computers that have already been hit by the Dloadr-AKL Trojan horse. The FireSpy Trojan horse installs itself into the Registry and can steal passwords, credit card numbers and confidential data from users of Mozilla Firefox.

"It has been much more common for hackers to target users of Microsoft Internet Explorer than Firefox," said Cluley. "Even though we do not believe that the FireSpy Trojan horse poses a significant threat, it is still a timely warning that all computer users - regardless of whose software they use - need to be careful about what code they run on their PCs, and ensure they are properly protected."

Sophos has been protecting against the FireSpy-A and Dloader-AKL Trojan horses since 07:26 GMT on 25 July 2006.

Sophos continues to recommend computer users practise safe computing as well as running up-to-date anti-virus software.