main
Report a problem

Firefox 2.0.0.3 updates security, stability

Slimy   on 21 March 2007 - 18:38 · 15 comments & 9366 views

Advertisement (Why?)
On March 20, Mozilla Corporation released new security and stability updates for both versions of its Firefox browser and for its Internet application suite, SeaMonkey. The new updates eliminate a situation where a malicious web page hosted on a specially-coded FTP server could exploit a minor FTP PASV port-scanning vulnerability to perform a rudimentary port-scan of machines inside the victim’s firewall. By itself this causes no harm, but information about an internal network may be useful to an attacker should there be other vulnerabilities present on the network, a spokesperson said. The FTP protocol includes the PASV (passive) command, which is used by Firefox to request an alternate data port. The specification of the FTP protocol allows the server response to include an alternate server address as well, although this is rarely used in practice, but Mozilla clients will now ignore the alternate server address.

News source: DesktopLinux

Share this Article

  • Technorati
  • Magnolia
  • Stumble upon it
  • Reddit
  • Blink List
  • Delicious
  • Slashdot
  • Furl
  • Facebook
  • Windows Live
  • Google
  • Newsvine
  • Yahoo
  • RawSugar
  • Netvouz

About the Author

Full name: Unknown
User name: Slimy
Contact: via forum PM
Submissions: View All
More: View Profile

Related news

 

Post a comment · Send to friend Comments · There are 15 additional comments
#1 Ficman on 21 Mar 2007 - 20:26
Excellent news
#2 +BeLGaRaTh on 21 Mar 2007 - 20:39
getting locate link browser dialogue since updating everytime I open a link from Outlook (2003) not seen that since pre v1.0.0.0
#3 Orange on 21 Mar 2007 - 21:04
Nice, just updated
(2 replies) #4 +WindowsNT on 21 Mar 2007 - 21:21
The Windows Media Palyer 11 plug in still doe snot work in Vista. Any way of making this work??
#4.1 +BeLGaRaTh on 21 Mar 2007 - 21:58
Have a look at this thread It worked for me
#4.2 +WindowsNT on 22 Mar 2007 - 11:10
Thanks, now works for me as well
(1 reply) #5 torrentthief on 21 Mar 2007 - 22:03
what are the bug fixes for this version, i know there are security fixes, which crashes are fixed tho?
#5.1 Cryton on 22 Mar 2007 - 00:03
Only one minor security vulnerability, and 5 other bugfixes, none of which were related to crashing (2.0.0.2 introduced some stupid regressions, which is why this 2.0.0.3 was punted out relatively quickly). Fixes in 2.0.0.3:
  • Script elements added with appendChild no longer execute synchronously (was: Firefox 2.0.0.2 update breaks Backbase enabled web sites)
  • onload doesn't fire for XHTML documents that contain a script tag (Firefox's RSS preview is broken)
  • Rendering problems for tfoot
  • Firefox 2.0.0.1 and later breaks automatic client certificate authentification
  • password trouble with multiple accounts after update to firefox 2.0.0.2 or 1.5.0.10
(1 reply) #6 duhk on 21 Mar 2007 - 22:30
No one else is having a problem using Yahoo Mail Beta with this version? When I log on, it tells me that they're not compatible with my browser version, then tells me to either download one of the compatible versions or revert back to the old Yahoo Mail.
#6.1 TRC on 22 Mar 2007 - 00:21
That's probably Yahoo's fault, I'm guessing they do a browser check and it doesn't recognize the latest Firefox yet.
#7 DKAngel on 22 Mar 2007 - 01:52
how the heck do u get java 6 working?
#8 richstad on 22 Mar 2007 - 13:39
I get this when installing on Vista - any help?

"Error opening filw for writing: rnr nxpicleanup.exe rnrn Click retry to try again, or rn cancel to stop the installation"
(1 reply) #9 Poof on 22 Mar 2007 - 14:26
You know... I haven't figured this out. How the HECK can you get those darned close "X"s in the same style as 1.5? =/ I preferred my X on the right side of all the tabs... Not on each individual tab...

Argh!
#9.1 Poof on 22 Mar 2007 - 14:35
Woot! Finally found out out.

In about:config the browser.tabs.closeButtons option... Just set it to "3" for classic tabs.
#10 El Sid on 22 Mar 2007 - 16:11
Quote -
a malicious web page hosted on a specially-coded FTP server could exploit a minor FTP PASV port-scanning vulnerability to perform a rudimentary port-scan of machines inside the victim’s firewall.


Oh I get it

Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!

Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.

Advertisement (Why?)
News powered by Neowin Management System (Build - 5.0.1387) © 2000 - 2008 Neowin.net