Handful of bugs squashed in Firefox security fix

Steven Parker   on 27 November 2007 - 09:59 · 6 comments & 3669 views

Mozilla has released an update to its Firefox browser, fixing a widely publicized flaw in the open-source software. The 2.0.0.10 update fixes a handful of memory corruption flaws that crash Firefox and a cross-site request forgery flaw that could give attackers a way to get unauthorized access to certain Web sites. But the most anticipated bug fix in this release addresses a problem in the way Firefox processes files that are compressed using the .jar (Java Archive) format.

Firefox does not properly check .jar files, giving attackers a way to launch Web-based cross-site scripting attacks against Firefox users. The bug was first reported in February, but it gained widespread attention in early November when security researchers showed how it could be used in cross-site scripting attacks to run unauthorized code on the victim's PC. The memory corruption bugs could also have led to more serious problems, Mozilla said in its note on the bugs. "We presume that with enough effort, at least some of these could be exploited to run arbitrary code," the note reads.

Download: Firefox 2.0.1.0
View: Full Article @ InfoWorld

#1 RAID 0 on 27 Nov 2007 - 10:02
Good deal! Bug fixes are always welcome!
#2 +cJr. on 27 Nov 2007 - 14:58
Does this fix when Firefox crashes whilst trying to upload photos to Facebook???
(1 reply) #3 Dakkaroth on 27 Nov 2007 - 16:57
2.0.1.0?
#3.1 caesar on 27 Nov 2007 - 19:28
Yah, version 10 of the 2.X branch or whatever.

I got a lot of crashes lately when I was loading an addon onto Firefox. Hopefully it has been fixed.
#4 kieran776 on 27 Nov 2007 - 21:24
The download link should be

Download: Firefox 2.0.0.10

NOT

Download: Firefox 2.0.1.0

And with Firefox so close, whatever happened to 2.5.0.0??
#5 -Hiroshi- on 27 Nov 2007 - 22:56
Man, unprofessional journalism at its best, it's 2.0.0.10.
