Mozilla Firefox Released

Saturday July 19th, 2008

Mozilla Firefox was released this week. The stability and security update to Firefox 2 fixes two security bugs, which are detailed in the Firefox section of the Security Advisories for Firefox 2.0 page. Both are rated Critical, the highest of the four ratings.

One flaw is related to how Firefox handles command-line URLs to open multiple tabs and allows an attacker to open potentially malicious URLs in Firefox from another application. One variant of this attack exploits the widely-reported Safari carpet-bombing vulnerability but others also exist. Somewhat ironically, the exploit relies on Firefox not being open at the time of the attack.

The other vulnerability allows an attacker to crash and run arbitrary code on a victim's computer by overflowing a CSS object reference counter. The detailed bug reports for both issues are currently access-restricted to avoid assisting attackers but will be fully opened after users have had some time to install Firefox

Although Firefox 3 was released in June and all users are encouraged to upgrade, Firefox 2 will be maintained with security and stability upgrades until mid-December 2008, according to the Mozilla Developer News weblog, which reported on the release of Firefox on Tuesday. Version is the second Firefox 2 update to be released since the launch of Firefox 3 and follows on from Firefox, which fixed twelve security issues.

Existing Firefox 2 users will be offered via the browser's built-in software update feature if enabled. It can also be downloaded from the older Firefox releases page or the Firefox directory on, where it is available in over forty localizations for Windows, Mac OS X and Linux. The Firefox Release Notes contain more general information about the upgrade.

#8 My Question

by FIELDS <ouranos@sezampro.yu>

Monday September 22nd, 2008 8:04 AM

You are replying to this message

Mozilla Firefox (MFF) 2_00_16, and 3_0_1 in particular (!), crashes too frequently with my platform (WinXP, SP2). Is MFF 3_0_1 made basically for Vista? 'Fields"