
SANS ISC: Firefox 2.0.0.16 fixes two security vulnerabilities SANS ISC InfoSec Forums

Firefox 2.0.0.16 fixes two security vulnerabilities

The Mozilla Foundation has just released Firefox 2.0.0.16, which fixes two critical security vulnerabilities:

MFSA 2008-35 (CVE-2008-2933) Command-line URLs launch multiple tabs when Firefox not running
MFSA 2008-34 (CVE-2008-2785) Remote code execution by overflowing CSS reference counter

It should be noted that the second vulnerability would also affect users who run Thunderbird with JavaScript enabled for e-mail reading. Needless to say, this is a no-no. We recommend that users upgrade their Firefox installation. Firefox 2.x will be supported only until mid-December, so investigating and planning an upgrade path to Firefox 3 is advised.

Maarten

Jul 16th 2008
