Firefox 2, 3 updated to fix 'carpet bomb' attack

View this article at: http://www.macnn.com/articles/08/07/17/firefox.2.and.3.updates/

Thursday, Jul 17, 2008 4:35pm

Firefox 2, 3 updated to fix 'carpet bomb' attack

In an unusual move, Mozilla has released updates to two versions of its Firefox web browser. The current browser has been updated to v3.0.1, while its otherwise outdated predecessor has been updated to 2.0.0.16. One of the reasons for the patching is a remedy to a potential "carpet bomb" attack against Windows users, who must have both Safari and Firefox installed on the same computer. The attack also requires that a person actually have Firefox closed, while still running another online application. Having even the unpatched browser up and active will prevent any intrusions.

Mozilla has additionally eliminated a bug in the browser's CSSValue array, which could have been used to generate a crash and execute malware. The bug is said to be in the Thunderbird 2 e-mail client as well, but a patch is not anticipated until July 23rd. In the meantime, worried users can disable Thunderbird's JavaScript support.