New version of Firefox closes many security holes
Mozilla has on Thursday released version 18.104.22.168 of the Firefox browser, which eliminates a number of security holes. There are only eleven vulnerability reports, but some of them cover several flaws. The developers describe at least three of these as critical, including a bug that allows a manipulated web site to use designMode frames to read the browser history. It can also crash the browser. The developers also believe the bug could be exploited to insert code.
The recently discovered directory traversal hole has also been closed. Attackers can exploit the hole by means of manipulated
chrome:// links in some HTML tags on web pages, using browser add-ons that are not packed as .jar archives but as "flat packages". The other errors are less critical or non-critical.
Seamonkey has also been updated to Version 1.1.8. Users of Firefox, Thunderbird and Seamonkey can update their installations by using the integrated update function. Users of most Linux distributions will have to wait for the new packages, because the automatic update is disabled in the applications themselves.
- Known Vulnerabilities in Mozilla Products, vulnerability report from the Mozilla Foundation