Firefox 2.0.0.15 released on July 1, 2008
On July 1, 2008, Mozilla Foundation pushed out automatic and manual updates to its version 2 series Firefox browsers, bring the latest version number up to 2.0.0.15. The new version contain a dozen fixes ranging from low to critical. Five fixes are critical, four are high, two are moderate and one is low importance. Below is a list of the vulnerabilities fixed in Firefox 2.0.0.15.
Fixed in Firefox 2.0.0.15
MFSA 2008-33: Crash and remote code execution in block reflow
MFSA 2008-32: Remote site run as local file via Windows URL shortcut
MFSA 2008-31: Peer-trusted certs can use alt names to spoof
MFSA 2008-30: File location URL in directory listings not escaped properly
MFSA 2008-29: Faulty .properties file results in uninitialized memory being used
MFSA 2008-28: Arbitrary socket connections with Java LiveConnect on Mac OS X
MFSA 2008-27: Arbitrary file upload via originalTarget and DOM Range
MFSA 2008-25: Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript()
MFSA 2008-24: Chrome script loading from fastload file
MFSA 2008-23: Signed JAR tampering
MFSA 2008-22: XSS through JavaScript same-origin violation
MFSA 2008-21: Crashes with evidence of memory corruption (rv:1.8.1.15)
The release and installation notes, plus download links, are found here. If you already use Firefox version 2.x and have set the option to automatically check for and download updates, your update should await you now, or next time you open Firefox while connected to the Internet. If you prefer to do a manual update you can do it from your Firefox browser. Go to the menu item "Help" > "Check for Updates."
If you are still using Firefox 2.x you should obtain the update as soon as possible, to stay protected against the 12 attack vectors fixed in version 2.0.0.15. Better yet, you can upgrade all the way to the newest series, Firefox 3.x browser, here. Note, that if you use add-on extensions, many are still waiting to be updated by their authors, to be compatible with series 3 Firefox browsers, first released on June 17, 2008.
If you like this article please share it.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.