Mozilla Firefox 220.127.116.11 Released
Tuesday November 27th, 2007
The Mozilla Corporation has released Mozilla Firefox 18.104.22.168, patching three security holes in the world's second most-popular browser. All three flaws, which are detailed in the Firefox 22.214.171.124 section of the Mozilla Foundation Security Advisories page, are rated as high impact by Mozilla, which is the second most serious of the four vulnerability levels.
The first bug is a cross-site scripting flaw in the jar: URI scheme, which may allow an attacker to steal private information (a proof of concept has been published demonstrating how the contacts of logged-in Gmail users can be stolen). Firefox 126.96.36.199 also fixes three stability bugs, which could be exploited to corrupt memory and potentially execute arbitrary code. The final issue relates to a race condition when setting the
Most existing Firefox users will receive 188.8.131.52 through the browser's built-in software update system or their operating system's upgrade mechanism. The release can also be downloaded from the Mozilla Firefox product page. More information about the new version can be found in the Firefox 184.108.40.206 Release Notes.
All the vulnerabilities fixed in Firefox 220.127.116.11 are also present in the latest SeaMonkey 1.1.6 release. An equivalent 1.1.7 update for the community-driven browser is expected shortly.
#13 The Security Center doesn't present a good image
by bjherbison <firstname.lastname@example.org>
Sunday December 2nd, 2007 2:39 PM
You are replying to this message
The Mozilla Security Center at <<http://www.mozilla.org/security/>> makes it look like Mozilla doesn't care about security. It currently lists Firefox 18.104.22.168 as the latest security update. (And this isn't the first time that security patch information hasn't been placed there.)
To give people confidence in the security of Mozilla products a change needs to be made in the release process to put explicit consideration the Security Center on the list of actions taken.