Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: Firefox 2.0.0.16 fixes two security vulnerabilities - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Firefox 2.0.0.16 fixes two security vulnerabilities

The Mozilla Foundation has just released Firefox 2.0.0.16 which fixes two critical security vulnerabilities:

MFSA 2008-35 (CVE-2008-2933) Command-line URLs launch multiple tabs when Firefox not running
MFSA 2008-34 (CVE-2008-2785) Remote code execution by overflowing CSS reference counter

It should be noted that the second vulnerability would also affect users that run Thunderbird with Javascript enabled for e-mail reading. Needless to say this is a no-no. We recommend users to upgrade their Firefox installation. Firefox 2.x will still be supported only until mid-December, so investigating and planning an upgrade path to Firefox 3 is advised.

Maarten

158 Posts

Sign Up for Free or Log In to start participating in the conversation!