Firefox 2.0.0.5 Released, Multiple Vulnerabilities Addressed

Firefox 2.0.0.5 has been released. The latest update addresses multiple vulnerabilities including the Firefox “firefoxurl” URI Handler Registration Vulnerability which was labeled by Secunia as highly critical. Please update your Firefox Web browser ASAP if you don’t have auto-update enabled.

Bugs/Vulnerabilities Addressed

• MFSA 2007-25 - XPCNativeWrapper pollution
• MFSA 2007-24 - Unauthorized access to wyciwyg:// documents
• MFSA 2007-23 - Remote code execution by launching Firefox from Internet Explorer
• MFSA 2007-22 - File type confusion due to %00 in name
• MFSA 2007-21 - Privilege escallation using an event handler attached to an element not in the document
• MFSA 2007-20 - Frame spoofing while window is loading
• MFSA 2007-19 - XSS using addEventListener and setTimeout
• MFSA 2007-18 - Crashes with evidence of memory corruption

Download

The update is already available in the official Web site. Other platforms and languages for Firefox are also available.

For those who don’t have auto-update enabled, click Help - Check for Updates…

This entry was posted on Thursday, July 19th, 2007 at 2:06 and is filed under Software. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.