As promised a few days ago, the Mozilla developers this morning released Firefox version 2.0.0.10. The update is the ninth security update to the open-source browser this year and addresses three high impact security vulnerabilities, including a cross-site scripting flaw in the jar: URI scheme, which may allow an attacker to steal private information - a published proof-of-concept demonstrates stealing the Gmail contact list of users logged-in to the service.
Firefox 2.0.0.10 also fixes three memory corruption bugs, which could be exploited to crash systems and inject code, and a cross-site request forgery vulnerability that could allow an attacker to generate a fake HTTP Referer header by exploiting a timing condition when setting the window.location property. Automatic update screens should now be popping up for Firefox users, so you can either use the auto update function within the browser or head to our download section to get the latest version now.