Mozilla Releases Firefox Browser 2.0.0.7 Security Update

Mozilla, the owners of the Firefox browser, have released a security update on September 18, 2007, labeled version 2.0.0.7 . This update fixes just one critical vulnerability that was able to be exploited with a QuickTime Media File running a command against the Firefox "chrome." Successful exploitation could lead to complete browser, and/or system takeover, depending on the privileges of the logged in user. Yesterday's updates end the ability of third party software to run command lines in Firefox, entirely.

Firefox can be updated from within the program interface by clicking on Help > Check for Updates. If you see that a new version is available allow it to download and install it. Your browser will close for a minute, then re-open as a new version. If you use a software firewall, like ZoneAlarm, it will pop-up a challenge because the MD5 checksum of Firefox has changed. Allow the change and allow it to access the Internet.

All of the extensions that worked in version 2.0.0.6 continued to work after upgrading to 2.0.0.7. If you don't already have Firefox you can download the current version here

Despite Firefox releasing a patched version, the actual vulnerable program is and remains the Apple Quicktime plug-in. Expect a patched version to be available soon. I will blog about it when it becomes available.

Trend Micro Internet Security products,

for home and office users, use in-the-cloud malware definitions that are updated every day, all day, as soon as new or altered strains of viruses and other malware are detected in the wild and analyzed. By offloading the bulk of these ever changing virus definitions to cloud servers, the load on your computers is greatly reduced. All users of Trend security programs are instantly protected from hostile web pages laden with malware exploits and hostile email, by the Trend Micro Smart Protection Network.