Just one day after the Mozilla Foundation released Firefox 1.0, the group has revealed that prior versions of the open-source browser pose a security threat to users. According to information released by Mozilla, multiple security holes have been plugged in all beta versions of Firefox to correct flaws that could lead to security bypass, exposure of sensitive data, privilege escalation and DoS (denial of service) attacks.
Research firm Secunia rates the vulnerabilities as "moderately critical" and recommended that users upgrade to Firefox 1.0. Mozilla warned that successful exploits could also detect the presence of local files, spoof the file download dialog, or gain escalated privileges on vulnerable machines. Details from a modified Bugzilla post show that Web sites that include images from local resources could be exploited to determine the existence of local images or cause a DoS by referencing certain devices.
News source: eWeek