Firefox 2.0.0.5 released, resolves security flaw
Plugs a flaw where Internet Explorer could trick Firefox into executing malicious code.
[Published Wednesday, July 18th]
Firefox 2.0.0.5, the latest version of the Mozilla organization's open-source Web browser, has been released for Mac OS X.
The new release includes a fix for the firefoxurl:// security exploit, which allows an attacker to use Microsoft Internet Explorer to trick Firefox into executing malicious code. Mozilla.org says:
"Whether Firefox or IE is responsible for the flaw has been a matter of debate over the past week. The Mozilla Foundation security advisory about the firefoxurl:// issue maintains that it's a problem in IE and notes that other applications could be exploited in the same way. Others have argued that it's Firefox's responsibility to vet incoming data (something 2.0.0.5 now does)."
Other holes plugged include:
- File type confusion due to in name
- MFSA 2007-21 Privilege escalation using an event handler attached to an element not in the document
- MFSA 2007-20 Frame spoofing while window is loading
- MFSA 2007-19 XSS using addEventListener and setTimeout
- MFSA 2007-18 Crashes with evidence of memory corruption
The new release is available as a 17MB standalone download.
Problems after updating? Please let us know.
Resources