Firefox 2.0.0.6 released


Postby Antony » Mon 30 Jul, 2007 10:31 pm

Mozilla Corporation has released Firefox 2.0.0.6. This version fixes two security vulnerabilities, correcting unescaped URIs passed to external programs and preventing privilege escalation through chrome-loaded about:blank windows.

Less than two weeks ago (18th July), Mozilla Corporation released Firefox 2.0.0.5 correcting two critical security vulnerabilities. Firefox 2.0.0.4 was released on 30th May and Firefox 2.0.0.3 was released on 21st March this year.

Firefox 2.0.0.6 can be downloaded from Mozilla's download page. Firefox 2.0.0.6's Release Notes are also available.
UserAgent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.5) Gecko/20070713 Firefox/2.0.0.5

Postby Fulvio » Tue 31 Jul, 2007 10:54 am

Some people got announcements. I did not, but when I selected Help|Check for Updates, I got the incremental update. No problem.
UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6
A minority may be right, and a majority is always wrong
~ Henrik Ibsen
WinXP, SP3, 512 MB, SM2.9.1, FF12, TB12.0.1, IE8.0, Google Chrome18, Ghostwall , Avast 7.x, JRE1.7_04. Testing FF13b3

Postby Antony » Wed 01 Aug, 2007 8:35 pm

mozillaZine has a news report on this, Mozilla Firefox 2.0.0.6 Released. It says,
The more serious flaw involves Firefox not percent-encoding spaces and double quotes in URLs passed to helper applications, which can allow malicious webpages to open programs with potentially dangerous command line parameters. The other vulnerability is a privilege elevation bug involving extensions, which was accidentally introduced in Firefox 2.0.0.5.

The URL protocol handling flaw is a similar class of exploit to the firefoxurl:// URL vulnerability, which was fixed with the release of Firefox 2.0.0.5. In the original firefoxurl:// exploit, an attacker could use Microsoft Internet Explorer to launch Firefox with malicious command line parameters. In the flaw fixed in Firefox 2.0.0.6, Firefox is used as the attack vector to start other applications with dangerous arguments. The exploit could be extended to execute any program in a known location, possibly passing dangerous command line parameters.


It is interesting to note that Mozilla still blames Internet Explorer for the firefoxurl:// vulnerability (now fixed).
UserAgent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6
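The escaping described in the quoted news report, as an added example that is not part of the thread or Mozilla's code: it shows why an unescaped double quote changes how many arguments a helper application receives, and how percent-encoding spaces and double quotes keeps the URL a single argument. The handler template, the `example:` scheme, the option name and the use of `shlex` as a stand-in for the platform's command-line parsing are all assumptions.

```python
import shlex

# Hypothetical helper registration: the URL is substituted for %1.
HANDLER_TEMPLATE = 'helper "%1"'

# Only the two characters the news report names.
_ESCAPES = {ord(" "): "%20", ord('"'): "%22"}


def escape_for_helper(url: str) -> str:
    """Percent-encode spaces and double quotes before the URL leaves the browser."""
    return url.translate(_ESCAPES)


def helper_argv(url: str) -> list[str]:
    """Substitute the URL into the template and split it as the helper would.

    shlex's POSIX rules stand in for the platform's real command-line
    parsing (an assumption); the effect of a stray quote is the same idea.
    """
    return shlex.split(HANDLER_TEMPLATE.replace("%1", url))


def is_single_argument(url: str) -> bool:
    """True when the helper receives the program name plus exactly one argument."""
    return len(helper_argv(url)) == 2


# Constructed sample: the quote closes the argument early, so the text
# after it is parsed as separate command-line tokens.
SAMPLE_URL = 'example:item" --example-option "value'

if __name__ == "__main__":
    print(helper_argv(SAMPLE_URL))                     # URL split into several tokens
    print(helper_argv(escape_for_helper(SAMPLE_URL)))  # URL stays one token
```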

