The Register®

Original URL: http://www.theregister.co.uk/2007/07/31/firefox_update/

Firefox update fixes bug brace

Booby trap link bug defused

By John Leyden

Posted in Security, 31st July 2007 11:17 GMT

Mozilla has pushed out a new version of Firefox that fixes a brace of security bugs, barely a fortnight after its last update.

Firefox version 2.0.0.6 addresses a critical vulnerability (http://www.mozilla.org/security/announce/2007/mfsa2007-27.html) in which unescaped URIs (uniform resource identifiers) are passed to external programs. The serious security flaw, discovered by security researchers last week, created a means for hackers to install malware on a Windows PC simply by convincing potential marks to click on a doctored link.

The update also fixes a less serious privilege escalation vulnerability involving Firefox add-ons.

The release - available in Mac, Windows, and Linux flavours - will be automatically pushed out to users within the next two days. Mozilla's release notes can be found here (http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.6).

Users of Thunderbird, Firefox's email client, and Mozilla's SeaMonkey suite also need to upgrade, to versions 2.0.0.6 and 1.1.4 respectively, as a result of the same bugs.

The update is the second from Mozilla in two weeks. Firefox version 2.0.0.5, the previous update, fixed a number of memory corruption and privilege escalation flaws, including a high-profile bug involving launching Firefox from Internet Explorer. ®