blob: 850a18e3d5fffef37314c82b1a2cc76ca299e4be (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
|
Mozilla has pushed out a new version of Firefox 2 that includes a patch for the high-profile vulnerability that allows attackers to use Internet Explorer to [trick Firefox into executing remote code][1].
There has been much debate over whether the vulnerability was Firefox's fault or IE's fault, but arguably both browsers were at fault since neither one escaped or sanitised the URLs being passed.
Whatever the case, Firefox has patched things from its end.
Several other security fixes are included in Firefox 2.0.0.5 -- the [release notes][2] have more information and specific fixes can be viewed [here][3].
Firefox 2.0.0.5 can be downloaded from the Firefox product page.
[1]: http://www.mozillazine.org/talkback.html?article=22198
[2]: http://www.mozilla.com/en-US/firefox/2.0.0.5/releasenotes/#whatsnew
[3]: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.5
|
