Fx 2.0.0.5 Released with Fix for firefoxurl:// Exploit

Mozilla has released Firefox 2.0.0.5, a security upgrade.

From mozillaZine.org:

 

Firefox 2.0.0.5 includes a fix for firefoxurl:// security exploit, which allows an attacker to use Microsoft Internet Explorer to trick Firefox into executing malicious code. Whether Firefox or IE is responsible for the flaw has been a matter of debate over the past week. The Mozilla Foundation security advisory about the firefoxurl:// issue maintains that it’s a problem in IE and notes that other applications could be exploited in the same way. Others have argued that it’s Firefox’s responsibility to vet incoming data (something 2.0.0.5 now does).

You should be presented with an update offer within the next 24 hours or you can activate it now by going to Help then select Check for Updates… See complete Firefox 2.0.0.5 Release Notes for full details of this upgrade.

Also for those Fx 2.0 users on the Nightly Channel, you should start getting updates labeled as version 2.0.0.6pre in next couple days.

Attention Firefox 1.5 Users: There is NOT a security update for the Firefox 1.5 builds. Mozilla no longer supports these builds as of May 30th with the release of Firefox 1.5.0.12. Users are strongly urged to upgrade to Firefox 2.0!!!

1 Comment on Fx 2.0.0.5 Released with Fix for firefoxurl:// Exploit

  1. of course it’s microsoft’s fault. they still have security vulnerabilities in IE7 that came from version 3,4,5, of IE

1 Trackbacks & Pingbacks

  1. Blog Year in Review: July 2007 « Firefox Extension Guru’s Blog

Comments are closed.