MozillaZine

Mozilla Firefox 2.0.0.10 Released

Tuesday November 27th, 2007

The Mozilla Corporation has released Mozilla Firefox 2.0.0.10, patching three security holes in the world's second most-popular browser. All three flaws, which are detailed in the Firefox 2.0.0.10 section of the Mozilla Foundation Security Advisories page, are rated as high impact by Mozilla, which is the second most serious of the four vulnerability levels.

The first bug is a cross-site scripting flaw in the jar: URI scheme, which may allow an attacker to steal private information (a proof of concept has been published demonstrating how the contacts of logged-in Gmail users can be stolen). Firefox 2.0.0.10 also fixes three stability bugs, which could be exploited to corrupt memory and potentially execute arbitrary code. The final issue relates to a race condition when setting the window.location property, which could be used to spoof a HTTP Referer header.

Most existing Firefox users will receive 2.0.0.10 through the browser's built-in software update system or their operating system's upgrade mechanism. The release can also be downloaded from the Mozilla Firefox product page. More information about the new version can be found in the Firefox 2.0.0.10 Release Notes.

All the vulnerabilities fixed in Firefox 2.0.0.10 are also present in the latest SeaMonkey 1.1.6 release. An equivalent 1.1.7 update for the community-driven browser is expected shortly.


#9 Firefox 2.0.0.10 updater is crashing.

by larryscofiel

Friday November 30th, 2007 6:20 AM

You are replying to this message

I am having a problem with the auto-updater and 2.0.0.10.

A couple of days ago when the auto updater tried to install 2.0.0.10 it crashed. Then Windows no longer recognized Firefox as a Win32 program and would not start it.

To work around this, I had to manually download 2.0.0.10 again, then manually install it. After that everything worked fine for a couple of days, until the updater downloaded 2.0.0.10 again! Next time I started Firefox the updater tried to install 2.0.0.10 all over, and again crashed with the same results. Fortunately I still had Firefox Setup 2.0.0.10 so the workaround was to rerun the setup.

My system is running Windows XP Pro, SP2, on a Compaq SR1650NX with 1 GB of RAM. The CPU is an AMD Athlon 64 3500+. The system works well with everything else, so I really do not think the problem is with my computer.