Original URL: http://www.theregister.co.uk/2007/07/31/firefox_update/
Firefox update fixes bug brace
Booby trap link bug defused
Posted in Security, 31st July 2007 11:17 GMT
Mozilla has pushed out a new version of Firefox that fixes a brace of security bugs, barely a fortnight after its last update.
Firefox version 2.0.0.6 addresses a critical vulnerability [1] in which unescaped URIs (uniform resource identifiers) are passed to external programs. The serious security flaw, discovered by security researchers last week, gave hackers a means to install malware on a Windows PC simply by convincing potential marks to click on a doctored link.
The update also fixes a less serious privilege escalation vulnerability involving Firefox add-ons.
The release - available in Mac, Windows, and Linux flavours - will be automatically pushed out to users within the next two days. Mozilla's release notes can be found here [2].
Users of Thunderbird, Firefox's email client, and Mozilla's SeaMonkey suite also need to upgrade as a result of the same bugs to versions 2.0.0.6 and 1.1.4, respectively.
The update is the second from Mozilla in two weeks. Firefox version 2.0.0.5, the previous update, fixed a number of memory corruption and privilege escalation flaws, including a high-profile bug involving launching Firefox from Internet Explorer. ®
