Mozilla has pushed out a new version of Firefox that fixes a number of security bugs, including a high-profile bug involving launching Firefox from Internet Explorer.

Firefox version 2.0.0.5 also fixes a number of memory corruption and privilege escalation flaws, as explained in Mozilla's release notes here (http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.5).

The release - available in Mac, Windows and Linux flavours - will be automatically pushed out to users within the next two days. Users still running running Firefox 1.5.0.x, which is no longer supported, are urged to upgrade to the Firefox 2 series.

In other security bug-related news, independent security researcher Michal Zalewski has unearthed a vulnerability in Internet Explorer, which might be exploited by a malicious website to spoof the address bar. The unpatched bug (http://secunia.com/advisories/26069) allows con-men to create more convincing phishing and revolves around flaws in the way IE7 implements the "document.open()" method of opening new browser windows.

An even more severe client-side risk comes from a pair of unpatched flaws (http://secunia.com/advisories/26086) in the Trillian multi-protocol IM client. Users are urged to disable the "aim://" URI handler in Trillian as a workaround, pending the delivery of security updates. ®

Related stories

Microsoft to search browsers for JavaScript compatibility (1 November 2007)
http://www.theregister.co.uk/2007/11/01/internet_explorer_javascript_microsoft/
Bad hair day for alternative browser users (19 October 2007)
http://www.theregister.co.uk/2007/10/19/alt_browser_vulns/
Firefox leak could divulge sensitive info (13 August 2007)
http://www.theregister.co.uk/2007/08/13/firefox_remote_leakage/
Making open-source browsing safe for the masses (2 August 2007)
http://www.theregister.co.uk/2007/08/02/window_snyder_interview/
Firefox update fixes bug brace (31 July 2007)
http://www.theregister.co.uk/2007/07/31/firefox_update/
Mozilla confirms own URL handling bug (25 July 2007)
http://www.theregister.co.uk/2007/07/25/firefox_url_bug/
Facebook buys Firefox startup (23 July 2007)
http://www.theregister.co.uk/2007/07/23/facebook_firefox_parakey/
A serious browser vulnerability, but whose? (11 July 2007)
http://www.theregister.co.uk/2007/07/11/ie_firefox_vuln/
Flaws galore in IE and Firefox (5 June 2007)
http://www.theregister.co.uk/2007/06/05/browser_vulns_identified/
Mozilla quashes Firefox JavaScript peril (1 June 2007)
http://www.theregister.co.uk/2007/06/01/firefox_update/
Mozilla patches faulty patch (7 March 2007)
http://www.theregister.co.uk/2007/03/07/mozilla_patch_fix/
Firefox hands out cookies from strangers (15 February 2007)
http://www.theregister.co.uk/2007/02/15/firefox_vuln/
IE and Firefox cough up hard drive contents (13 February 2007)
http://www.theregister.co.uk/2007/02/13/browser_vulns/
Firefox 2.0: happier browsing, but secure? (30 January 2007)
http://www.theregister.co.uk/2007/01/30/firefox_makes_steady_progress/
IE 'unsafe' for 284 days last year (5 January 2007)
http://www.theregister.co.uk/2007/01/05/ie_unsafe/
Firefox update guards against critical flaws (21 December 2006)
http://www.theregister.co.uk/2006/12/21/firefox_upgrade/
Mozilla flaws more joke than jeopardy (5 October 2006)
http://www.theregister.co.uk/2006/10/05/mozilla_flaw_joke/
Just how buggy is Firefox? (8 September 2006)
http://www.theregister.co.uk/2006/09/08/firefox_bug_analysis/
'Firefox flaw wrecked my relationship' (23 March 2006)
http://www.theregister.co.uk/2006/03/23/firefox_bug_engagement_split_rumpus/