Mozilla Releases Firefox Browser 2.0.0.12 Security Update

On February 7, 2008, Mozilla.org released the newest update to the renowned Firefox browser; version 2.0.0.12. This is primarily a security release, fixing ten major issues, nine of which deal with security vulnerabilities. If you are allowing Firefox to automatically check for updates you should be getting yours sometime on Feb 8, 2008, in a little pop-up notice. Otherwise, if you are in a hurry to upgrade now, open Firefox 2.x, click on the menu item Help >> Check for Updates. A pop-up box will appear, then check for updates, then will display the notice that a new version, 2.0.0.12 is available. You can just download the minimum required files and upgrade it on the spot. After the files are downloaded to a temporary directory the installer will ask for permission to restart Firefox, which should only take about 30 seconds, or so. You can confirm that you have the new version by clicking on the Menu item Help >> About Mozilla Firefox.

Firefox is also available for manual downloading and installation, from the main Firefox product page. Just download it and install it over the previous version. It will import/re-use all of your Bookmarks and History, and your Add-ons, if they are still compatible with the new release and it's security fixes. Rest assured, that most add-ons get updated shortly after the authors learn that they have stopped working in a new security release, or major build upgrade.

If you prefer to use a version of Firefox in a language other than English, there is a link in the lower right area of the Download page, where you can select your desired language. There are currently 44 different language versions of Firefox available. They are all available for Windows, Mac OSX and Linux operating systems.

What's New in Firefox 2.0.0.12?

Fixed in Firefox 2.0.0.12
MFSA 2008-11 - Web forgery overwrite with div overlay
MFSA 2008-10 - URL token stealing via stylesheet redirect
MFSA 2008-09 - Mishandling of locally-saved plain text files
MFSA 2008-08 - File action dialog tampering
MFSA 2008-06 - Web browsing history and forward navigation stealing
MFSA 2008-05 - Directory traversal via chrome: URI
MFSA 2008-04 - Stored password corruption
MFSA 2008-03 - Privilege escalation, XSS, Remote Code Execution
MFSA 2008-02 - Multiple file input focus stealing vulnerabilities
MFSA 2008-01 - Crashes with evidence of memory corruption (rv:1.8.1.12)

If you are not already using Firefox and wonder why you should switch, I'd say that security is reason number 1, as Firefox simply does not run or interpret any of the ActiveX Controls that are used in Internet Explorer. Most, but not all, hostile take-overs of Internet Explorer occur via ActiveX exploits. When a new security vulnerability is found in the Wild, for Firefox, the developers usually come out with a patched version in a matter of days. Internet Explorer users usually have to wait a month for patches, which come with your monthly Patch Tuesday Windows Updates. Which reminds me to remind you; Windows Updates are coming next Tuesday, February 12. There will be 12 security updates, including one for Internet Explorer.

Note; If you use a software firewall that monitors files for changes, like ZoneAlarm does, you will need to approved the changed Firefox browser permission to continue to access the Internet. The same will apply to Internet Explorer, next Tuesday. This happens because the file sizes and signatures are changed when the browsers are patched to a new version number. Just tell your Firewall that the change is allowed and have it remember your decision.