Firefox 2.0.0.15 released on July 1, 2008
On July 1, 2008, Mozilla Foundation pushed out automatic and manual updates to its version 2 series Firefox browsers, bring the latest version number up to 2.0.0.15. The new version contain a dozen fixes ranging from low to critical. Five fixes are critical, four are high, two are moderate and one is low importance. Below is a list of the vulnerabilities fixed in Firefox 2.0.0.15.
Fixed in Firefox 2.0.0.15
MFSA 2008-33: Crash and remote code execution in block reflow
MFSA 2008-32: Remote site run as local file via Windows URL shortcut
MFSA 2008-31: Peer-trusted certs can use alt names to spoof
MFSA 2008-30: File location URL in directory listings not escaped properly
MFSA 2008-29: Faulty .properties file results in uninitialized memory being used
MFSA 2008-28: Arbitrary socket connections with Java LiveConnect on Mac OS X
MFSA 2008-27: Arbitrary file upload via originalTarget and DOM Range
MFSA 2008-25: Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript()
MFSA 2008-24: Chrome script loading from fastload file
MFSA 2008-23: Signed JAR tampering
MFSA 2008-22: XSS through JavaScript same-origin violation
MFSA 2008-21: Crashes with evidence of memory corruption (rv:1.8.1.15)
The release and installation notes, plus download links, are found here. If you already use Firefox version 2.x and have set the option to automatically check for and download updates, your update should await you now, or next time you open Firefox while connected to the Internet. If you prefer to do a manual update you can do it from your Firefox browser. Go to the menu item "Help" > "Check for Updates."
If you are still using Firefox 2.x you should obtain the update as soon as possible, to stay protected against the 12 attack vectors fixed in version 2.0.0.15. Better yet, you can upgrade all the way to the newest series, Firefox 3.x browser, here. Note, that if you use add-on extensions, many are still waiting to be updated by their authors, to be compatible with series 3 Firefox browsers, first released on June 17, 2008.
Take 10% Off 1 year of Trend Micro Internet Security 2009 - Use Coupon Code: TrendIS
Spyware Doctor is a multi-award winning spyware removal utility that detects, removes and protects your PC from thousands of potential spyware, adware, Trojans, keyloggers, spybots and tracking threats.
Spyware Doctor is fully capable of detecting and removing hidden processes associated with complex threats and rootkits. Such threats are otherwise difficult to remove by conventional means since they may be hidden to the operating system.
A Startup Scanner removes references to malicious programs that run at startup in the registry and Windows startup files, as well as malicious files in Windows startup locations.
State-of-the-art scanning engines, including file scan, memory scan, registry scan, browser helper objects scan, cookie scan and much more.
