praka123
left this forum longback
Firefox 2.0.0.5 is available for download.there is this mentioned that crashes based on memory corruption is fixed.Let's wait and see
*www.mozilla.com/en-US/
*www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.5Fixed in Firefox 2.0.0.5
MFSA 2007-25 XPCNativeWrapper pollution
MFSA 2007-24 Unauthorized access to wyciwyg:// documents
MFSA 2007-23 Remote code execution by launching Firefox from Internet Explorer
MFSA 2007-22 File type confusion due to %00 in name
MFSA 2007-21 Privilege escalation using an event handler attached to an element not in the document
MFSA 2007-20 Frame spoofing while window is loading
MFSA 2007-19 XSS using addEventListener and setTimeout
MFSA 2007-18 Crashes with evidence of memory corruption
*www.mozilla.com/en-US/
*www.mozillazine.org/talkback.html?article=22211Mozilla Firefox 2.0.0.5 Released with Fix for firefoxurl:// Exploit
Wednesday July 18th, 2007
Mozilla Firefox 2.0.0.5 has been released and is currently being distributed to Firefox 2 users via the application's built-in software update system. The browser upgrade fixes several security bugs, which are detailed in the Firefox 2.0.0.5 section of the Mozilla Foundation Security Advisories page.
Firefox 2.0.0.5 includes a fix for the firefoxurl:// security exploit, which allows an attacker to use Microsoft Internet Explorer to trick Firefox into executing malicious code. Whether Firefox or IE is responsible for the flaw has been a matter of debate over the past week. The Mozilla Foundation security advisory about the firefoxurl:// issue maintains that it's a problem in IE and notes that other applications could be exploited in the same way. Others have argued that it's Firefox's responsibility to vet incoming data (something 2.0.0.5 now does).
Firefox 2.0.0.5 can be downloaded from the Firefox product page. The Firefox 2.0.0.5 Release Notes contain more general information about the upgrade. A similar update for Mozilla Thunderbird is expected shortly.