Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: InfoSec Handlers Diary Blog - Firefox 2.0.0.13 is out InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Firefox 2.0.0.13 is out

Published: 2008-03-26
Last Updated: 2008-03-26 10:24:34 UTC
by Raul Siles (Version: 2)
0 comment(s)

A new version of Firefox, 2.0.0.13, has been released today. It is available for manual download directly from www.mozilla.com. It is also already available for automatic download, but remember (if you are running Windows) that the "Help --> Check for Updates..." menu option is greyed out if you don't have Administrator privileges.

UPDATE: The "Known Vulnerabilities in Mozilla Products" Web page now shows the details. Six vulnerabilities are fixed: two critical, two high, one moderate and one low, some of them referencing multiple CVE's (please, check the Mozilla web page for details).

The most relevant one seems to be MFSA 2008-14: "JavaScript privilege escalation and arbitrary code execution". Another good reason to run the NoScript add-on. It is associated to three CVE identifiers. Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail (not the default setting and not recommended).

Thanks roseman and other anonymous readers for the heads up, and those that alerted us to the availability of the updated Known Vulnerabilities page.
--
Raul Siles
www.raulsiles.com

Keywords: firefox
0 comment(s)
Diary Archives