Security update for Firefox web browser
As promised a few days ago, the Mozilla developers have released a security update for the Firefox open-source web browser. Version 2.0.0.10 closes a total of three security holes discovered since the last update. The flaws remedied each include the vulnerability in the implementation of the jar protocol, which allowed attackers to fool certain protective measures/filters used by such websites as MySpace and others against cross-site scripting and active content. Attackers were thereby able to access user login information.
The Mozilla Foundation says that the vulnerabilities are critical. In addition to the jar problem, there was a bug that enabled referrer spoofing and a flaw that could be exploited to crash systems and inject code. Firefox users should install the new version as soon as possible. Firefox 2.0.0.10 can be downloaded for Windows, Mac OS X, and Linux in various languages. The new version will gradually be automatically installed on all systems via the browser's automatic update function.
(ehe)