Firefox 2.0.0.13 Is Out
A new version of Firefox, 2.0.0.13, has been released today. It can be downloaded manually directly from mozilla.com. It is also available for automatic download. If you are running Windows, click “Help -> “Check for Updates…” menu option. You must have Administrator privileges or else it will be greyed out.
The “Known Vulnerabilities in Mozilla Products” Web page shows the update details. Six vulnerabilities were fixed: two critical, two high, one moderate and one low, some of them referencing multiple CVE’s. For additional details, check the Mozilla web page.
The most relevant one seems to be MFSA 2008-14: “JavaScript privilege escalation and arbitrary code execution”. It is associated to three CVE identifiers. Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This setting is not turned by default and it’s usage is not recommended.
More on CyberInsecure:
Leave a Reply
Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.