Seven security updates and Vista support for Firefox 2.0

By Stan Beer
Sunday, 25 February 2007 04:44

Your IT - Home IT

Those of us who have been using the Mozilla Firefox web browser for a couple of years were yesterday treated to an impromptu security upgrade. In addition, those among the steadily growing band of Firefox users who intend to upgrade to Microsoft's new VIsta operating system anytime soon may be pleased to know that Firefox 2.002 now includes Vista support.

Those who are interested in knowing which vulnerabilities could be exploited prior to the fixes, they're listed below:

MFSA 2007-07  Embedded nulls in location.hostname confuse same-domain checks
MFSA 2007-06 Mozilla Network Security Services (NSS) SSLv2 buffer overflow
MFSA 2007-05 XSS and local file access by opening blocked popups
MFSA 2007-04 Spoofing using custom cursor and CSS3 hotspot
MFSA 2007-03 Information disclosure through cache collisions
MFSA 2007-02 Improvements to help protect against Cross-Site Scripting attacks
MFSA 2007-01 Crashes with evidence of memory corruption (rv:1.8.0.10/1.8.1.2)

To view the fixed bugs in detail, users can visit the Mozilla page.

Unlike Microsoft, Mozilla didn't flag the security update in advance but simply sprung it on users in the middle of a browsing session.