Originally posted on February 23, 2007 @ 5:44 pm
Mozilla updated its Firefox browser earlier today to patch 7 vulnerabilities marked “critical” by the Mountain View, California open-source developer.
Below is a list of the patches in Firefox version 2.0.0.2:
- Embedded nulls in location.hostname confuse same-domain checks
- Mozilla Network Security Services (NSS) SSLv2 buffer overflow
- XSS and local file access by opening blocked popups
- Spoofing using custom cursor and CSS3 hotspot
- Information disclosure through cache collisions
- Improvements to help protect against Cross-Site Scripting attacks
- Crashes with evidence of memory corruption (rv:1.8.0.10/1.8.1.2)
Mozilla recommends that all Firefox users upgrade to this latest version, so if you use Firefox, which you should be, go grab the latest update.
Visit the Official Firefox download page for more information.