FireFox Updated

[vindictive666 (John)]

morning all

this is for firefox users

firefox has been updated to version 2.0.08

[Dujon]

They have indeed, John.

The update was in response to a highly critical security problem involving memory corruption and the possible use of such by malevolent twits.

Using Firefox? Go and get the update - NOW.

Click on 'Help', run down to 'Check for Updates' and then activate.

*****************

Sorry this is a bit long, but it is important.

From SECUNIA

CRITICAL:
Highly critical

IMPACT:
Spoofing, Manipulation of data, Exposure of sensitive information,
DoS, System access

WHERE:
>From remote

SOFTWARE:
Mozilla Firefox 2.0.x
http://secunia.com/product/12434/

DESCRIPTION:
Some vulnerabilities and a weakness have been reported in Mozilla
Firefox, which can be exploited by malicious people to disclose
sensitive information, conduct phishing attacks, manipulate certain
data, and potentially compromise a user's system.

1) Various errors in the browser engine can be exploited to cause a
memory corruption.

2) Various errors in the Javascript engine can be exploited to cause
a memory corruption.

Successful exploitation of these vulnerabilities may allow execution
of arbitrary code.

3) An error in the handling of onUnload events can be exploited to
read and manipulate the document's location of new pages.

4) Input passed to the user ID when making an HTTP request using
Digest Authentication is not properly sanitised before being used in
a request. This can be exploited to insert arbitrary HTTP headers
into a user's request when a proxy is used.

5) An error when displaying web pages written in the XUL markup
language can be exploited to hide the window's title bar and
facilitate phishing attacks.

6) An error exists in the handling of "smb:" and "sftp:" URI schemes
on Linux systems with gnome-vfs support. This can be exploited to
read any file owned by the target user via a specially crafted page
on the same server.

Successful exploitation requires that the attacker has write access
to a mutually accessible location on the target server and the user
is tricked into loading the malicious page.

7) An unspecified error in the handling of "XPCNativeWrappers" can
lead to execution of arbitrary Javascript code with the user's
privileges via subsequent access by the browser chrome (e.g. when a
user right-clicks to open a context menu).

This is related to vulnerability #6 in:
SA26095

SOLUTION:
Update to version 2.0.0.8.

[Jarrod]

done. Firefox alerted me of the update as soon I loaded it this morning. It's nice to know my computer's security is in good and capable hands.

Although It's still very important to be cautious when on the net.

Jarrod.

[ving (David)]

done and done!