Fx 2.0.0.5 Released with Fix for firefoxurl:// Exploit

Posted: Wednesday, July 18, 2007 by El Guru in Firefox, Fx 1.5, Fx 2.0, Mozilla News, Releases

Mozilla has released Firefox 2.0.0.5, a security upgrade.

From mozillaZine.org:

 

Firefox 2.0.0.5 includes a fix for firefoxurl:// security exploit, which allows an attacker to use Microsoft Internet Explorer to trick Firefox into executing malicious code. Whether Firefox or IE is responsible for the flaw has been a matter of debate over the past week. The Mozilla Foundation security advisory about the firefoxurl:// issue maintains that it’s a problem in IE and notes that other applications could be exploited in the same way. Others have argued that it’s Firefox’s responsibility to vet incoming data (something 2.0.0.5 now does).

You should be presented with an update offer within the next 24 hours or you can activate it now by going to Help then select Check for Updates… See complete Firefox 2.0.0.5 Release Notes for full details of this upgrade.

Also for those Fx 2.0 users on the Nightly Channel, you should start getting updates labeled as version 2.0.0.6pre in next couple days.

Attention Firefox 1.5 Users: There is NOT a security update for the Firefox 1.5 builds. Mozilla no longer supports these builds as of May 30th with the release of Firefox 1.5.0.12. Users are strongly urged to upgrade to Firefox 2.0!!!

Comments
  1. simurgh says:

    of course it’s microsoft’s fault. they still have security vulnerabilities in IE7 that came from version 3,4,5, of IE

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s