MozillaZine: Mozilla Firefox 2.0.0.16 Released

Mozilla Firefox 2.0.0.16 was released this week. The stability and security update to Firefox 2 fixes two security bugs, which are detailed in the Firefox 2.0.0.16 section of the Security Advisories for Firefox 2.0 page. Both are rated Critical, the highest of the four ratings. One flaw is related to how Firefox handles command-line URLs to open multiple tabs and allows an attacker to open potentially malicious URLs in Firefox from another application. One variant of this attack exploits the widely-reported Safari carpet-bombing vulnerability but others also exist. Somewhat ironically, the exploit relies on Firefox not being open at the time of the attack. The other vulnerability allows an attacker to crash and run arbitrary code on a victim's computer by overflowing a CSS object reference counter. The detailed bug reports for both issues are currently access-restricted to avoid assisting attackers but will be fully opened after users have had some time to install Firefox 2.0.0.16. Although Firefox 3 was released in June and all users are encouraged to upgrade, Firefox 2 will be maintained with security and stability upgrades until mid-December 2008, according to the Mozilla Developer News weblog, which reported on the release of Firefox 2.0.0.16 on Tuesday. view original article
Sat, 19 Jul 2008 18:41:53 +0200

more Planet Mozilla articles