Firefox update addresses multiple flaws

Stephen Withers
Friday, 08 February 2008 09:00

Business IT - Open Source

As expected, Firefox 2.0.0.12 has been released to fix the directory traversal flaw discovered last month.

The flaw affected Firefox installations with add-ons that store their components in multiple files rather than a single .jar file.

Several other security issues - some judged more serious than the 'chrome' problem - are also fixed in the new release of the popular open source browser.

These include stability bugs potentially allowing the execution of arbitrary code, and others that could be used to steal a file from a known location, cause privilege escalations, corrupt stored passwords, steal the navigation history, trick a user into confirming security dialogs, steal passwords or other sensitive information transmitted as URL parameters, and conceal a web forgery.

In related news, Firefox 3 Beta 3 is being prepared for release. A test day is being held on Friday, February 8, with the public debut of Beta 3 planned for the evening of February 12 (US Pacific Standard Time).