Firefox 2.0.0.3 updates security, stability

On March 20, Mozilla Corporation released new security and stability updates for both versions of its Firefox browser and for its Internet application suite, SeaMonkey. The new updates eliminate a situation where a malicious web page hosted on a specially-coded FTP server could exploit a minor FTP PASV port-scanning vulnerability to perform a rudimentary port-scan of machines inside the victim's firewall. By itself this causes no harm, but information about an internal network may be useful to an attacker should there be other vulnerabilities present on the network, a spokesperson said. The FTP protocol includes the PASV (passive) command, which is used by Firefox to request an alternate data port. The specification of the FTP protocol allows the server response to include an alternate server address as well, although this is rarely used in practice, but Mozilla clients will now ignore the alternate server address.

News source: DesktopLinux

Report a problem with article
Previous Story

Apple begins shipping AppleTV

Next Story

UK Police Warn Retailers of PS3 Launch Dangers

15 Comments

Commenting is disabled on this article.

a malicious web page hosted on a specially-coded FTP server could exploit a minor FTP PASV port-scanning vulnerability to perform a rudimentary port-scan of machines inside the victim’s firewall.

Oh I get it

You know... I haven't figured this out. How the HECK can you get those darned close "X"s in the same style as 1.5? =/ I preferred my X on the right side of all the tabs... Not on each individual tab...

Argh!

Woot! Finally found out out.

In about:config the browser.tabs.closeButtons option... Just set it to "3" for classic tabs.

I get this when installing on Vista - any help?

"Error opening filw for writing: \r\n\r nxpicleanup.exe \r\n\r\n Click retry to try again, or \r\n cancel to stop the installation"

No one else is having a problem using Yahoo Mail Beta with this version? When I log on, it tells me that they're not compatible with my browser version, then tells me to either download one of the compatible versions or revert back to the old Yahoo Mail.

Only one minor security vulnerability, and 5 other bugfixes, none of which were related to crashing (2.0.0.2 introduced some stupid regressions, which is why this 2.0.0.3 was punted out relatively quickly). Fixes in 2.0.0.3:

  • Script elements added with appendChild no longer execute synchronously (was: Firefox 2.0.0.2 update breaks Backbase enabled web sites)
  • onload doesn't fire for XHTML documents that contain a script tag (Firefox's RSS preview is broken)
  • Rendering problems for tfoot
  • Firefox 2.0.0.1 and later breaks automatic client certificate authentification
  • password trouble with multiple accounts after update to firefox 2.0.0.2 or 1.5.0.10

getting locate link browser dialogue since updating everytime I open a link from Outlook (2003) not seen that since pre v1.0.0.0