MozillaZine

Mozilla Firefox 2.0.0.10 Released

Tuesday November 27th, 2007

The Mozilla Corporation has released Mozilla Firefox 2.0.0.10, patching three security holes in the world's second most-popular browser. All three flaws, which are detailed in the Firefox 2.0.0.10 section of the Mozilla Foundation Security Advisories page, are rated as high impact by Mozilla, which is the second most serious of the four vulnerability levels.

The first bug is a cross-site scripting flaw in the jar: URI scheme, which may allow an attacker to steal private information (a proof of concept has been published demonstrating how the contacts of logged-in Gmail users can be stolen). Firefox 2.0.0.10 also fixes three stability bugs, which could be exploited to corrupt memory and potentially execute arbitrary code. The final issue relates to a race condition when setting the window.location property, which could be used to spoof a HTTP Referer header.

Most existing Firefox users will receive 2.0.0.10 through the browser's built-in software update system or their operating system's upgrade mechanism. The release can also be downloaded from the Mozilla Firefox product page. More information about the new version can be found in the Firefox 2.0.0.10 Release Notes.

All the vulnerabilities fixed in Firefox 2.0.0.10 are also present in the latest SeaMonkey 1.1.6 release. An equivalent 1.1.7 update for the community-driven browser is expected shortly.


#1 Buggy?

by roachsrealm

Tuesday November 27th, 2007 11:14 AM

Reply to this message

Just after the update, no none of my links work. I cannot get to any webpage through the firefox browser. IE still works just fine (shudders), and everything else says I am connected. Restart and a reinstall didn't fix this... ideas?

#4 Re: Buggy?

by AlexBishop <alex@mozillazine.org>

Tuesday November 27th, 2007 11:47 AM

Reply to this message

Do you have a firewall or other security software installed on your computer? It's possible that it no longer recognises Firefox as safe because the executable has changed. You may need to re-whitelist it.

Alex

#5 Re: Re: Buggy?

by roachsrealm

Tuesday November 27th, 2007 12:07 PM

Reply to this message

hey, that was it! working like a charm now. thanks for the help.

#2 *yawn*

by roseman

Tuesday November 27th, 2007 11:32 AM

Reply to this message

My 2.0.0.10 auto update from within FF went smoothly, no problem.

#3 buggy

by vincemue

Tuesday November 27th, 2007 11:34 AM

Reply to this message

for me now no ad on works... its only blanko! horrible

#6 pages not displaying properly

by horsehead

Tuesday November 27th, 2007 1:17 PM

Reply to this message

After the 2.0.0.10 update some webpages now display like PDA versions with limited graphic displays.

#7 Rumor says FF-2.0.0.11 might be here 11.30.2007

by roseman

Thursday November 29th, 2007 8:57 AM

Reply to this message

"New Firefox 2.0.0.11 update on its way" according to: <http://mozillalinks.org/w…-20011-update-on-its-way/>

And also according to: <https://bugzilla.mozilla.…rg/show_bug.cgi?id=405584>

Where one poster says: "The release of 2.0.0.11 is _tentatively_ scheduled for Friday 30th Nov. If that comes off it'll be the fastest turnaround between Firefox releases to date (ie, it relies on everything in the release process going without a hitch)."

Guess something broke in the 2.0.0.10 revision (canvass/drawimage or some such).

#10 FF-2.0.0.11 is available now

by roseman

Friday November 30th, 2007 2:20 PM

Reply to this message

FF-2.0.0.11 "stability" update is available now (from the usual places).

#11 Re: FF-2.0.0.11 is available now

by roseman

Friday November 30th, 2007 4:53 PM

Reply to this message

#12 Re: Re: FF-2.0.0.11 is available now

by rlueke

Friday November 30th, 2007 9:52 PM

Reply to this message

Just downloaded 2.0.0.11 and don't see any change....................

When opening Home Page in place of Ads I get Quick Time Logo with ? in the center. Some movie clips will not play, get same thing. Also Browser is slower in responding. IE all works well. Have Windows XP SP2 w/ 2.8G

RWL

#8 2.0.0.10 Ads and Quicktime not displaying/working

by rlueke

Thursday November 29th, 2007 5:38 PM

Reply to this message

When opening Home Page in place of Ads I get Quick Time Logo with ? in the center. Some movie clips will not play, get same thing. Also Browser is slower in responding. IE all works well.

What is re-whitelist it ???

RWL

#9 Firefox 2.0.0.10 updater is crashing.

by larryscofiel

Friday November 30th, 2007 6:20 AM

Reply to this message

I am having a problem with the auto-updater and 2.0.0.10.

A couple of days ago when the auto updater tried to install 2.0.0.10 it crashed. Then Windows no longer recognized Firefox as a Win32 program and would not start it.

To work around this, I had to manually download 2.0.0.10 again, then manually install it. After that everything worked fine for a couple of days, until the updater downloaded 2.0.0.10 again! Next time I started Firefox the updater tried to install 2.0.0.10 all over, and again crashed with the same results. Fortunately I still had Firefox Setup 2.0.0.10 so the workaround was to rerun the setup.

My system is running Windows XP Pro, SP2, on a Compaq SR1650NX with 1 GB of RAM. The CPU is an AMD Athlon 64 3500+. The system works well with everything else, so I really do not think the problem is with my computer.

#13 The Security Center doesn't present a good image

by bjherbison <bj@herbison.com>

Sunday December 2nd, 2007 2:39 PM

Reply to this message

The Mozilla Security Center at <<http://www.mozilla.org/security/>> makes it look like Mozilla doesn't care about security. It currently lists Firefox 2.0.0.8 as the latest security update. (And this isn't the first time that security patch information hasn't been placed there.)

To give people confidence in the security of Mozilla products a change needs to be made in the release process to put explicit consideration the Security Center on the list of actions taken.

B.J.

#14 Just a shame

by rixbad <weikel51@gmail.com>

Tuesday December 4th, 2007 4:04 PM

Reply to this message

I don't know what's going on at Mozilla, but what was a fine browser once, is not much more than a pain in the um, neck now. I just have time to put everything back the way it was every time my browser decides it was working too well ( which hasn't been for a while). Opera? It's fast, and Firefox has been bogging down the whole computer. Fire fox, hate to do it, but you gotta go.

#15 Image Toolbar

by siff42

Tuesday December 4th, 2007 6:24 PM

Reply to this message

Any chance that we can get an updated version of FF Image Toolbar that will work with this release?

#16 Image Toolbar

by siff42

Tuesday December 4th, 2007 6:42 PM

Reply to this message

Any chance that we can get an updated version of FF Image Toolbar that will work with this release?