This post was published 1 year 9 months 20 days ago.
It\'s is possible that the information within this article is now out of date or updated.

Release Date: February 7, 2008

Security & Stability Update: This release fixes a number of security and stability issues discovered in Firefox 2.0.0.11.

 

Earlier Changes: For information about previous changes, please see the Firefox 2.0.0.11 Release Notes.

 

Firefox 2 Features: For an overview, please see Firefox 2 Features.

Fixed Security  Issues:

Critical- Vulnerability can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.

• MFSA 2008-06 Web browsing history and forward navigation stealing
• FSA 2008-03 Privilege escalation, XSS, Remote Code Execution
• MFSA 2008-01 Crashes with evidence of memory corruption (rv:1.8.1.12)

High- Vulnerability can be used to gather sensitive data from sites in other windows or inject data or code into those sites, requiring no more than normal browsing actions.

• MFSA 2008-05 Directory traversal via chrome: URI

Moderate- Vulnerabilities that would otherwise be High or Critical except they only work in uncommon non-default configurations or require the user to perform complicated and/or unlikely steps.

• MFSA 2008-08 File action dialog tampering
• MFSA 2008-04 Stored password corruption
• MFSA 2008-02 Multiple file input focus stealing vulnerabilities

Low- Minor security vulnerabilities such as Denial of Service attacks, minor data leaks, or spoofs. (Undetectable spoofs of SSL indicia would have “High” impact because those are generally used to steal sensitive data intended for other sites.)

• MFSA 2008-11 Web forgery overwrite with div overlay
• MFSA 2008-10 URL token stealing via stylesheet redirect
• MFSA 2008-09 Mishandling of locally-saved plain text files

Source: Firefox release notes

gasusan2005 (1432 Posts) - Website | Twitter | Facebook