Mozilla on Friday released Firefox 2.0.0.12, an updated version of the upstart browser that has won over roughly one out of every five Internet users worldwide. The 2.0.0.12 update addresses 10 security advisories, three of which Mozilla classifies as critical.
One of the critical advisories has to do with the way that images are handled on Web pages with designMode frames, an HTML property that allows Web documents to be edited. The vulnerability could potentially be exploited to steal a user’s browsing history, crash Firefox, or execute arbitrary code. The second critical advisory has to do with memory corruption crashes in the browser engine used by Firefox and other Mozilla products like Thunderbird. The third outlines a flaw that could allow JavaScript privilege escalation and the ability to execute arbitrary remote code.
In its 2007 security report, Secunia analyzed a limited set of vulnerabilities that were disclosed publicly, before vendor notification, and found that Mozilla on average patched Firefox flaws more quickly thanMicrosoft patched holes in Internet Explorer.
Full Article
