New update for Firefox web browser

While work on Firefox 3.0 continues, the developers at the Mozilla Foundation have released a new update for the 2.x series of its open-source web browser. Firefox 2.0.0.8 is already available in several languages for Windows, Mac OS X, and Linux. The new version is also being gradually distributed via the browser's automatic update function.

According to the developers, Firefox 2.0.0.8 is also compatible with Apple's forthcoming Leopard operating system (Mac OS X 10.5). However, they say there are still some known problems that could detrimentally affect the functioning of the Web browser under the forthcoming operating system, including trouble with a few media plug-ins.

In addition to providing compatibility with Mac OS X 10.5, the developers have patched eight vulnerabilities in Firefox 2.0.0.8, two of which are considered critical. The first bug causes systems to crash and may allow attackers to inject arbitrary code. The second flaw could allow attackers to execute arbitrary JavaScript code with the rights of the local user.

Furthermore, the programmers of Firefox have included another fix to get around the vulnerability stemming from the handling of URIs in Windows. While Microsoft has promised a patch for Windows to remedy the vulnerability that can be exploited when other programs are called, there is still no sign of its release; to make matters worse, the unofficial URI patch has its own flaws.

Several of the vulnerabilities also affect the Thunderbird e-mail client and the Seamonkey Web suite. The upcoming versions of Thunderbird 2.0.0.8 and Seamonkey 1.1.5 have not, however, been released yet although the bug fixes for Sea monkey have at least been described.

(mba)