Firefox Security Update Released
Written by Editor   
Wednesday, 18 July 2007 10:32

The guys over at the Mozilla Foundation have released a new update for Firefox. The release, version 2.0.0.5, includes a total of eight security fixes.

The fixes include three fixes for critically rated security issues, two for highly rated issues, one moderate and two low risk issues.

MFSA 2007-18 is the first of the critically rated issues and addresses a number of crashes, some of which could result in ‘memory corruption’ (i.e. stack or heap overflows). MFSA 2007-21 is a privilege escalation using an event handler attached to an element not in the document; the issue allows the attacker to execute code with the privileges of ‘chrome’. The final critically rated issue is MFSA 2007-23, which addresses remote code execution when Firefox is launched by Internet Explorer. This vulnerability occurs when a user viewing a page in Internet Explorer clicks on a specially crafted link that causes Firefox to be executed. It should be noted that this issue is also a problem with Internet Explorer; this patch only fixes the part that affects Firefox and not the problem within Internet Explorer.

The high risk vulnerabilities are MFSA 2007-19 and MFSA 2007-24. MFSA 2007-19 is a cross-site scripting vulnerability that exploits a timing issue with addEventListener and setTimeout. MFSA 2007-24 is the final high risk issue and relates to an issue reported by Michal Zalewski: it is possible to bypass the same-origin checks and read from cached documents by using wyciwyg:// to access documents without proper same-domain checks.

The moderately rated issue is MFSA 2007-25, which relates to a problem whereby XPCNativeWrapper could be polluted to allow execution of user-supplied code. The low risk issues are MFSA 2007-20 and MFSA 2007-22. The first relates to frame spoofing while a window is loading; the second relates to a file name handling issue under Windows when processing a filename URL with a %00 (encoded null) in it.

As usual, it is time to patch. The Firefox patcher should do this for you; however, if it does not, or you turned updates off, take a trip to the Mozilla site and grab the latest here.


Last Updated ( Wednesday, 18 July 2007 10:33 )