Mozilla on Tuesday posted Firefox 2.0.0.15, an update to its web browser that resolves several vulnerabilities, ranging from several benign problems, to critical bug fixes related to arbitrary code execution and remote control of a user's system. Among the major fixes are MFSA 2008-21, 2008-24, 2008-25, and 2008-33, which resolve crashes when memory is corrupted, Chrome script loading vulnerabilities, arbitrary code execution in a .loadSubScript() command, as well as crashing and remote code execution.
High level incidents fixed were MFSA 2008-22, 2008-23, 2008-27, and 2008-28. These relate to vulnerabilities with XSS through JavaScript, signed JAR tampering, arbitrary file uploads and socket connections.
Moderate and Low level problems consisted of MFSA 2008-29, 2008-30,2008-31, and 2008-32, which fix problems with a faulty .properties file, file location URLs, peer-trusted certifications, and remote sites being run as local files through a Windows URL shortcut.
In related news, Mozilla celebrated its entrance into the Guinness Book of World Records for achieving the "largest number of software downloads in 24 hours". According to Mozilla's blog, 8,002,530 users downloaded Firefox 3 from June 17th to the 18th.
Support for Firefox 2 will continue until mid-December.
No comments:
Post a Comment