Firefox 2.0.0.10 Is Here

By | November 28, 2007


Firefox 2.0.0.10Firefox 2.0.0.10 is now released and fixes a total of 3 security vulnerabilities.

  • MFSA 2007-39 – Referer-spoofing via window.location race condition
  • Gregory Fleischer demonstrated that it was possible to generate a fake HTTP Referer header by exploiting a timing condition when setting the window.location property. This could be used to conduct a Cross-site Request Forgery (CSRF) attack against websites that rely only on the Referer header as protection against such attacks… Read more

  • MFSA 2007-38 – Memory corruption vulnerabilities (rv:1.8.1.10)
  • MFSA 2007-37 – jar: URI scheme XSS hazard
  • The jar: URI scheme was introduced as a mechanism to support digitally signed web pages, enabling web sites to load pages packaged in zip archives containing signatures in java-archive format.
    Jesse Ruderman and Petko D. Petkov point out this means that sites that allow users to upload binary content in zip format are effectively allowing users to install web pages on their site, and these can be used to perform Cross-Site Scripting (XSS) attacks… Read more

    Download Firefox 2.0.0.10.

    Don’t miss the news. Subscribe to our RSS Feed.


    About (Author Profile)


    Vygantas is a former web designer whose projects are used by companies such as AMD, NVIDIA and departed Westood Studios. Being passionate about software, Vygantas began his journalism career back in 2007 when he founded FavBrowser.com. Having said that, he is also an adrenaline junkie who enjoys good books, fitness activities and Forex trading.