Firefox 1.5.0.3 is designed to fix a remotely exploitable vulnerability rated as Critical by FrSirt (French Security Incident Response Team) and Highly Critical by Secunia.

If you have JavaScript enabled and designMode turned on, a remote black hat can force a call to a deleted controller context, which, at best, crashes the browser, and at worst, lets the attacker run evil code.

The problem was originally reported three weeks ago by Mozilla Security Group researcher Martijn Wargers and Nick Mott. To trigger a Firefox 1.5 crash, one needed to set an IFrame as an HTML edit frame, then load HTML containing another IFrame.

As the Mozilla team worked on a fix, others provided additional exploit proofs of concept.

While FrSirt describes the flaw as a memory corruption error, Mozilla developers say it is not the result of a buffer overflow.

All in all, the Mozilla crew took less than 3 weeks to release the fix… assuming the problem is entirely fixed.

This morning, Mott reported that, after updating to 1.5.0.3, Firefox no longer crashes, but “the contents of the outer IFrame still do not load correctly. I should be able to edit text inside around the embedded iframe.”

Developers are awaiting further input from Mott, but they believe the crash portion of the problem has been solved.

Before Internet Explorer-types get all lathered up, they should note that, while Secunia knows of only 3 outstanding Security advisories for up-to-date Firefox 1.x, and ranks them as Less Critical, the security authority lists 21 unresolved advisories for Internet Explorer 6.x, one of which is rated Highly Critical.

Secunia reports just two Not Critical issues hanging over the head of Safari 2.x, and zero, zip, nada security problems for Opera 8.x.

In all fairness, neither Safari 2.x nor Opera 8.x has been pounded on for as long, or by as many people, as IE 6.x and Firefox 1.x.
