Firefox 2.0.0.12 Security Update released, 10 Vulnerabilities Fixed

Firefox logo Mozilla has released Firefox version 2.0.0.12, issuing 10 patches for the browser, which includes three fixes for critical vulnerabilities.

First on the list is MFSA 2008-06, which is a problem in the way the browser manages images on certain web pages. Speaking about the repercussions of the flaw, Firefox maintained that it could be exploited to filch a person’s web browsing history, forward that data and then crash the browser. In addition, it may also be possible to run arbitrary code on a machine.

The second critical flaw has the capacity to allow a privilege escalation attack or remote code execution.

And finally the last critical issue, includes memory corruption flaw, about which Mozilla stated that “we presume that with enough effort at least some of these could be exploited to run arbitrary code.”

Furthermore, a problem for Mozilla’s user interface, which is fondly termed as “chrome” protocol, has also been worked on. The problem which has been classified as a “high-severity issue” involves some of Firefox’s downloadable add-ons, or applications which broaden browser functionality.

With this flaw, an attacker can gain info on the applications that are deployed on an individual’s system, rendering clues on how the machine can be compromised. However, the vulnerability can be exploited only and only if the user gets attracted to a special malicious web page that is specially developed to take advantage of the vulnerability.

In addition, Firefox 2.0.0.12 also fixed an error which is caused while displaying timer-enabled security dialogs, which could be exploited by attackers to ploy a user into accidentally confirming a security dialog by bringing the dialog back into focus exactly before a user clicked in a predictable time and place.

To download Firefox 2.0.0.12, click here.