Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: FireFox Update 2.0.0.6 Is Now Available - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
FireFox Update 2.0.0.6 Is Now Available

Mozilla has issued an update to the FireFox browser.  This update resolves 2 security issues, one listed as critical and one listed as moderate.

This update resolves the "Unescaped URIs passed to external programs" vulnerability.

Mozilla Foundation Security Advisory 2007-27 - MFSA 2007-27 - Critical

www.mozilla.org/security/announce/2007/mfsa2007-27.html

This update resolves the "Unescaped URIs passed to external programs" vulnerability.  This affects the way that information is passed to internal programs for handling. This can cause programs to misinterpret the information received.

 

Mozilla Foundation Security Advisory 2007-26  - MFSA 2007-26 - Moderate

www.mozilla.org/security/announce/2007/mfsa2007-26.html

This update resolves the " Privilege escalation through chrome-loaded about:blank windows".  From the Mozilla advisory: This could enable privilege escalation attacks against addons that create "about:blank" windows and populate them in certain ways (including implicit "about:blank" document creation through data: or javascript: URLs in a new window).

 

Deborah

278 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!