Mozilla issues security updates for Firefox 2 and 1.5
Mozilla has released Firefox 2.0.0.4 and Firefox 1.5.0.12 to address six security vulnerabilities. Most users will automatically receive this update and be asked to restart Firefox to install it. This update will probably be the final one for Firefox 1.5. As such, Mozilla provides an easy upgrade path for current 1.5 users to upgrade to 2.0. All Firefox users are urged to install this update, as it addresses the following security issues CVE-2007-2871 (XUL Popup Spoofing); CVE-2007-2870 (XSS using addEventListener); CVE-2007-1362 (Path Abuse in Cookies) CVE-2007-2869 (Persistent Autocomplete Denial of Service) CVE-2007-2867 and CVE-2007-2868 (Crashes with evidence of memory corruption).
This update also enhances Firefox support within the Windows Vista operating system, although links within some applications still may not open in Firefox even if you have chosen Firefox as your default browser; a Windows Media Player plug-in still doesn't exist for Firefox; Windows Vista Parental Controls are not completely honored yet within Firefox; and cookies and saved forms from Internet Explorer still have to be manually imported. Mozilla has posted workarounds for these.
Finally, this release of Firefox adds language support for Afrikaans and Belarusian.
As CNET's resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security. Listen to his podcast at securitybites.cnet.com or e-mail Robert with your questions and comments.
I use OS 10.4.9 (Tiger), and my current Firefox is version 2.003. Any suggestions for how to find out just who should be updating Firefox? Only Vista users?as implied in the Security article? If not, which Mac users need this, too? The item for download at Mozilla didn't show any specs.
Thanks, folks.