Firefox 2.0.0.10 update released


— 12:13 PM on November 27, 2007

Some techies and propellerheads are probably already using the recently released Firefox 3 beta for their day-to-day browsing, but for the rest of us, Mozilla has released an update that plugs a number of security holes in Firefox 2. The update, numbered 2.0.0.10, patches three security issues all rated as "high" impact.

The first issue had to do with a bug that allowed HTTP referrer headers to be faked, enabling cross-site request forgery attacks against some websites. The second issue related to three memory corruption bugs, which Mozilla believed could, "with enough effort," be harnessed to run arbitrary code. Finally, the third issue pertained to Java archives, or jars, which in one example could be misused to steal the GMail contact list of a user logged into Google's webmail software.

As usual, Firefox 2.0.0.10 can be grabbed from the Firefox download page on Mozilla's site. Users of previous versions of Firefox 2.0 can also update by going into the browser's "Help" menu and clicking "Check for updates." (Thanks to TR regular Usacomp2k3 for the heads-up.)

Tip: You can use the A/Z keys to walk threads.
View options

This discussion is now closed.