Mozilla has released a security and stability patch for the 2.x branch of the Firefox browser. Manual updates are instant, and those of you with automatic downloads turned on may already have the update. There were twelve issues fixed, four of them critical.
Mozilla issues security and performance update to Firefox 2.0. (IMG:J.Anderson)
There were four critical issues, four high level issues, two moderate issues, two low level issues and a Partridge in a Pear Tree released on Tuesday. (Ed. Ok, so I made that last one up.) The critical issues, as outlined in the Mozilla Firefox Security Advisories 2008-21, 24, 25, and 33, deal with memory corruption issues, problems with Chrome, code execution, and remote code execution respectively.
The remote code execution vulnerability stems from a reported crash in Mozilla's “block reflow code” that could be used by an attacker to crash the browser and run arbitrary code on the victim's computer. The other code execution issue, MFSA 2008-25, was located by a Mozilla researcher.
“Mozilla security researcher moz_bug_r_a4 reported that mozIJSSubScriptLoader.LoadScript() only applied XPCNativeWrappers to scripts loaded from standard chrome: URIs. Add-ons using this feature to load scripts from other schemes such as file: or data: (typically dynamically generated scripts) and chrome: URIs using non-canonical package names (e.g. uppercase) did not have the protective wrappers applied. If the scripts interact with web content in any way that content could exploit the unwrapped scripts to run arbitrary code. Firefox itself does not use this feature in a vulnerable way and users who have not installed any Add-ons are not at risk. We have, however, identified popular Add-ons using this feature whose users are at risk and there are no doubt others,” the advisory says.
As mentioned, you can manually update Firefox, or odds are you have the update already thanks to the auto-update features. Mozilla said that Firefox 2.0.0.x will be maintained with security and stability updates until mid-December 2008. However, they are encouraging all users to upgrade to Firefox 3.