Firefox 2.0.0.5 patches "critical" flaws

Keywords: Match:

Jul. 18, 2007

Mozilla today released Firefox 2.0.0.5, the latest update to the group's flagship browser. The update patches eight security vulnerabilities, three of them "critical" and two "high," the group said.

Most existing Firefox 2 users will be alerted to the new version by the software update feature built into the browser. Firefox 2 users who "check for updates" manually (from the Help menu) will see a message saying "Firefox 2.0.0.5 -- It is strongly recommended that you upgrade Firefox as soon as possible."

The Mozilla Security Advisories web page lists eight patches, three of them critical (red) and two high (orange). The advisories are:

MFSA 2007-25: XPCNativeWrapper pollution (moderate)
MFSA 2007-24: Unauthorized access to wyciwyg:// documents (high)
MFSA 2007-23: Remote code execution by launching Firefox from Internet Explorer (critical)
MFSA 2007-22: File type confusion due to %00 in name (low)
MFSA 2007-21: Privilege escalation using an event handler attached to an element not in the document (critical)
MFSA 2007-20: Frame spoofing while window is loading (low)
MFSA 2007-19: XSS using addEventListener and setTimeout (high)
MFSA 2007-18: Crashes with evidence of memory corruption (critical)

The previous release (v2.0.0.4; May 31, 2007), fixed five vulnerabilities, one critical.

The Firefox 2.0.0.5 Release Notes have more details about the new release.

Firefox 2.0.0.5 is available for Linux, Windows, and Mac OS X in a wide variety of languages for free download, here. It's a 5.7 MB file and typically takes about 20 to 40 seconds to download on a broadband connection.

For those wishing to be on the cutting edge of the browser wars, a Firefox 3 alpha (Gran Paradiso) is available for testing purposes. You can grab that one here.

Related stories:

(Click here for further information)

Approaching the Linux Desktop
The purpose of this paper is to help organizations evaluate the Linux desktop against their own enterprise needs and discover what benefits the Linux desktop might bring to their organizations.

Migrating To Linux: Application Challenges and Solutions
Several solutions exist to help organizations migrate in an orderly fashion from Windows to Linux desktops. This paper establishes the characteristics of an ideal cross-platform solution and reviews these alternatives in light of this ideal standard. The paper takes a closer look at the pros and cons of various solutions and outlines the business benefits that can be achieved.

Linux Advantages: Publicly Available Information on Linux Software
This paper offers a brief summary of readily-available Linux information to help businesses sort out this widely misunderstood operating system.

Top 5 Strategies for Managing Linux
Despite continuous evolution in the manageability of Linux, a 2006 survey cited manageability concerns as a top reason why organizations are hesitating to adopt Linux. Levanta believes Linux can be as manageable, if not more so, than other operating systems by following key strategies. These strategic recommendations were developed from experiences in numerous customer environments, both large and small.

Why Choose Novell for Linux?
This paper outlines the benefits of switching to the Linux platform and choosing Novell as a high-performance, enterprise solution.

Enterprise Linux Selection Guide
Considering moving your enterprise to the Linux operating system? Since there are so many similar versions, choosing the right one can be tough. This paper offers a clear process to help you make an informed decision and get the features, support, and cost that are right for your business and technical needs.

Overcoming Challenges in Managing Linux
Levanta has created a new administration model with innovative technology that breaks down the barriers to making the most of Linux systems. This paper will provide an in-depth look at the workings of Levanta’s product, the first Linux appliance of its kind.

SUSE Linux Enterprise 10 for Retail Businesses
Discover why major retailers have switched to SUSE Linux Enterprise Desktop in the back office. SUSE Linux Enterprise Desktop 10 is a low-cost desktop that offers a complete set of productivity applications and interoperates seamlessly with the other Windows, Macintosh and UNIX desktops in your store.

Moving to a Linux Desktop
Migrating from Windows to Linux on the desktop can be a substantial undertaking because it has the potential for touching -- and perhaps disrupting -- every user in your organization. Unlike a data center (server and infrastructure) migration that is largely transparent to users, the cultural and administrative transitions and environment readiness required to support a Linux desktop migration are extensive.

Seven Good Reasons to Exchange Exchange
This paper describes seven compelling reasons why you should switch from Exchange to Scalix.

Got a HOT tip? please tell us!

ADVERTISEMENT
(Advertise here)

Resource Library

Popular recent stories: • Linux an equal Flash player • Linux, netbooks threaten Microsoft's fat profits • gOS 3.0 goes gold • Browser swallows OS • Lenovo denies ditching Linux • Lightweight, Linux-compatible browser evolves • GNOME 2.24 gains "Empathy" IM • Review: Pardus Linux • Ubuntu to fund Linux development • Ubuntu "Intrepid Ibex" available All-time Classics: • Choosing a desktop Linux distro • Banshee -- the next best thing to Linux iTunes • Running World of Warcraft on Ubuntu • A simple Linux backup method • The Best Free Desktop Linux . . . and how to make it better • Linux-powered Asus Eee PC mini-laptop arrives • The well-tempered Debian desktop • Lenovo launches a netbook • What's the best Linux for beginners? • Getting to know Puppy Linux • Xandros 4: The best desktop Linux for Windows users • VirtualBox: The best virtualization program you've never heard of Linux-Watch headlines: • GPLv2 copyright suit targets 14 firms • Amid controversy, Microsoft launches open source foundation • As open source surges, Microsoft admits Linux threat • Open source lobbying group emerges • Open source Linux device drivers submitted by -- Microsoft? • Google names Chrome OS partners • Google's new OS marries Linux and Chrome • Debian plans draw sharp warning from GNU guru • OpenSource World announces keynote speakers • Linux 2.6.30 gets new filesystems Join our Desktop Linux discussion forums: • Moving to Linux • Linux/Windows debate! • Linux Q&A; . . . and more	Visit the...

BREAKING NEWS

• Open source nettop designed from survey requests
• Free training webinars feature Linux luminaries
• Second Lucid Lynx alpha said to offer 15-second start-ups
• Ubuntu books span Koala and Lynx distros
• Chrome OS gets faster Zero build
• Linux job site launches
• SUSE Moblin to ship on MSI's Pinetrail netbook
• HP's netbook triplets step up to Atom N450
• O'Reilly seeks proposals for July open source conference
• Shuttleworth steps down as Ubuntu 10.04 alpha steps up
• Open source Silverlight clone rev'd
• Cloud-oriented netbook distro arrives in beta
• Southern California Linux conference seeks papers
• Ubuntu-ready Dell desktop looks like a nettop
• Sugar on a Stick adds ebook support

Linux Netbooks

Linux smartphones!

news feed

Or, follow us on Twitter...

Home \| News \| Articles \| Forum \| Polls \| About \| Contact

	Ziff Davis Enterprise Home \| Contact Us \| Advertise \| Link to Us \| Reprints \| Magazine Subscriptions \| Newsletters Tech RSS Feeds \| White Papers \| ROI Calculators \| Tech Podcasts \| Tech Video \| VARs \| Channel News
	Baseline \| Careers \| Channel Insider \| CIO Insight \| DesktopLinux \| DeviceForge \| DevSource \| eSeminars \| eWEEK \| Enterprise Network Security \| LinuxDevices \| Linux Watch \| Microsoft Watch \| Mid-market \| Networking \| PDF Zone \| Publish \| Security IT Hub \| Strategic Partner \| Web Buyer's Guide \| Windows for Devices
	Developer Shed \| Dev Shed \| ASP Free \| Dev Articles \| Dev Hardware \| SEO Chat \| Tutorialized \| Scripts \| Code Walkers \| Web Hosters \| Dev Mechanic \| Dev Archives \| igrep
Use of this site is governed by our Terms of Service and Privacy Policy. Except where otherwise specified, the contents of this site are copyright © 1999-2009 Ziff Davis Enterprise Holdings Inc. All Rights Reserved. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise is prohibited. Linux is a registered trademark of Linus Torvalds. All other marks are the property of their respective owners.

Home \| News \| Articles \| Forum \| Polls \| About \| Contact

	Ziff Davis Enterprise Home \| Contact Us \| Advertise \| Link to Us \| Reprints \| Magazine Subscriptions \| Newsletters Tech RSS Feeds \| White Papers \| ROI Calculators \| Tech Podcasts \| Tech Video \| VARs \| Channel News
	Baseline \| Careers \| Channel Insider \| CIO Insight \| DesktopLinux \| DeviceForge \| DevSource \| eSeminars \| eWEEK \| Enterprise Network Security \| LinuxDevices \| Linux Watch \| Microsoft Watch \| Mid-market \| Networking \| PDF Zone \| Publish \| Security IT Hub \| Strategic Partner \| Web Buyer's Guide \| Windows for Devices
	Developer Shed \| Dev Shed \| ASP Free \| Dev Articles \| Dev Hardware \| SEO Chat \| Tutorialized \| Scripts \| Code Walkers \| Web Hosters \| Dev Mechanic \| Dev Archives \| igrep
Use of this site is governed by our Terms of Service and Privacy Policy. Except where otherwise specified, the contents of this site are copyright © 1999-2009 Ziff Davis Enterprise Holdings Inc. All Rights Reserved. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise is prohibited. Linux is a registered trademark of Linus Torvalds. All other marks are the property of their respective owners.