Mozilla patches three Firefox security vulnerabilities

By on November 27, 2007, 8:43 AM
As promised a few days ago, the Mozilla developers this morning released Firefox version 2.0.0.10. The update is the ninth security update to the open-source browser this year and addresses three high impact security vulnerabilities, including a cross-site scripting flaw in the jar: URI scheme, which may allow an attacker to steal private information a published proof-of-concept demonstrates stealing the Gmail contact list of users logged-in to the service.

Firefox 2.0.0.10 also fixes three memory corruption bugs, which could be exploited to crash systems and inject code, and a cross-site request forgery vulnerability that could allow an attacker to generate a fake HTTP Referer header by exploiting a timing condition when setting the window.location property. Automatic update screens should now be popping up for Firefox users, so you can either use the auto update function within the browser or head to our download section to get the latest version now.




Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.