May 31, 2007

Firefox security fixes for 2.0.x and 1.5.x series

Author: Shirl Kennedy

The Mozilla Foundation released Firefox 2.0.0.4 Wednesday, which incorporates patches for a handful of security issues, including one critical security vulnerability.

Vulnerabilities found include XUL popup spoofing, cross site scripting using addEventListener to inject script into another site, path abuse in cookies, persistent autocomplete DoS, and a critical vulnerability related to crashes indicating memory corruption.

Along with 2.0.0.4, Mozilla Corporation also issued an update for the Firefox 1.5.0.x series, release 1.5.0.12. According to the Mozilla Developer News announcement, this is likely to be the 1.5.0.x series final release. The "planned end of life for the 1.5.0.x series" has previously been extended due to "some recent changes in update functionality." Users are encouraged to upgrade to the latest Firefox 2.0.0.x release.

If you're stuck on Vista for some reason, you'll be pleased to note that this release also offers better support for Windows Vista, although the release notes list several caveats.

Additionally, this release adds Afrikaans and Belarusian to the extensive list of localized versions. Beta releases for Georgian, Kurdish, and Romanian are also available.

Shirl Kennedy is the senior editor of theDocuTickerandResourceShelfWeblogs as well as the "Internet Waves" columnist forInformation Today. She has been writing about technology since 1992.

Click Here!