The Mozilla Foundation today released Firefox 2.0.0.8, an update to the open-source browser. The update brings compatibility with Mac OS X 10.5 Leopard -- although a few issues still exist -- and several security fixes, including two labeled as critical flaws. Released just ahead of next week's release of Leopard, the Firefox update has problems with some media plugins as well as Add-ons that contain binary components. The release notes document problems with rendering, issues when closing other tabs (when 20 or more are open), and when viewing Macromedia Flash content on Intel-based Macs. "To work around this problem, users can remove or move the PowerPC version of 'Flash Player Enabler.plugin' from /Library/Internet Plug-Ins folder," the notes added.

The developers also note that the there is no "Talkback" feature on Intel-based Macs when running natively or under Rosetta. "Talkback" typically sends information about a crash or bug to the developers so it can be fixed. Instead, the Apple Crash report program should launch in the event of application crashes, the notes said.

The browser update also fixes a critical security flaw that would allow malicious sites to locally execute JavaScript code in a webpage with the same privileges as the user. "Mozilla security researcher moz_bug_r_a4 reported that it was possible to use the Script object to modify XPCNativeWrappers in such a way that subsequent access by the browser chrome--such as by right-clicking to open a context menu--can cause attacker-supplied javascript to run with the same privileges as the user," the developers noted.

In addition critical memory corruption errors were fixed, helping the overall stability of the product. While no specific flaw was known for the memory corruption bugs, the developers "presumed that with enough effort at least some of these could be exploited to run arbitrary code."

Overall, eight specific security fixes were identified as resolved in the latest update.