The Mozilla Corporation plans
to rush out a minor update to Firefox, numbered 1.5.0.3, in order to address
a
denial-of-service vulnerability in the most recent version of the open
source Web browser. The move comes despite the flaw being rated "non-critical"
by security firm
Secunia. The security issue involves an error in the handling of unexpected
"contentWindow.focus()" JavaScript calls. A malicious Web site could be used to
"corrupt the memory and cause a crash by calling the "contentWindow.focus()"
method on a container with specially crafted content," according to an advisory.
Update: Firefox 1.5.0.3 RC Builds Now Available On Mozilla FTP