Firefox IE HackerMozilla released an important update to the Firefox web browser today. The new Firefox 2.0.0.5 fixes a critical flaw that enables a hacker to control a user’s computer. Ironically, this was done by letting the hacker launch Firefox through Internet Explorer, and then Firefox would run malicious instructions that could compromise their system.

Firefox 2.0.0.5 fixes a total of 8 security related bugs: 3 are critical, 2 are high-priority, 1 is moderate, and 2 are minor. Aside from those there are an additional 91 stability fixes with 15 of those being related to Firefox crashing. So this version offers more than just significant security fixes.

No one is quite sure whether the big security bug is Internet Explorer’s fault for passing insecure data to another application, or whether it was Firefox’s fault for not validating the input. At least Mozilla stepped up to fix it before it turned into a widespread vulnerability. And just because Firefox has patched this issue doesn’t mean that you are in the clear from the attack. It was recently discovered that Trillian is also affected when using the AIM portion, and it is expected that other applications are susceptible to the attack as well.

Note: A similar update for Thunderbird is expected shortly.

Download Firefox 2.0.0.5 – It doesn’t appear that Mozilla has enabled the automatic updates through Firefox at this time, so you will have to download it if you don’t want to wait.

Source: Mozilla Links & MozillaZine
Thanks for the tip CoryC!

There Are 7 Comments

  1. I was notified through the automatic update function this afternoon.

  2. Yeah, it is currently available through the automatic update system. Thanks for the heads up, Ryan. Firefox usually doesn’t notify me automatically about these updates for a few days (reason unknown).

  3. Automatic Update kick in this morning GMT

  4. Downloaded it from their FTP site.

  5. Richard wrote:
    Automatic Update kick in this morning GMT

    Same here, I didn’t have to do one thing, pretty neat. ;)

  6. I got the automatic update later this afternoon, and I was also surprised at how fast Mozilla pushed this one through.

Leave Your Comment


Message is the only required field.
Emails are not published.