Tuesday, November 27,2007 @ 11:20pm
Firefox 2.0.0.10 update tightens security
Mozilla today released Firefox 2.0.0.10, introducing three security fixes. The update prevents the race condition from being exploited when setting the "window.location" property, which can generate a fake HTTP Referer header and be used as a conduit for cross-site request forgery attacks. Other unspecified errors could be exploited to cause memory corruption, and allow for remote execution of malicious code. There have been no feature additions or interface enhancements with the latest release, but with the upcoming v3.0 release of Firefox, the existing version will most likely only see security and stability enhancements.
Apple issued security fixes with its recent updates for Tiger, Leopard, and Safari for Windows. The Leopard update fixed several issues with the firewall, while the Tiger update fixes AFP Kerberos authentication. Safari 3.0.4b fixes several issues related to malicious remote code execution.