Mozilla released an important update to the Firefox web browser today. The new Firefox 184.108.40.206 fixes a critical flaw that enables a hacker to control a user’s computer. Ironically, this was done by letting the hacker launch Firefox through Internet Explorer, and then Firefox would run malicious instructions that could compromise their system.
Firefox 220.127.116.11 fixes a total of 8 security related bugs: 3 are critical, 2 are high-priority, 1 is moderate, and 2 are minor. Aside from those there are an additional 91 stability fixes with 15 of those being related to Firefox crashing. So this version offers more than just significant security fixes.
No one is quite sure whether the big security bug is Internet Explorer’s fault for passing insecure data to another application, or whether it was Firefox’s fault for not validating the input. At least Mozilla stepped up to fix it before it turned into a widespread vulnerability. And just because Firefox has patched this issue doesn’t mean that you are in the clear from the attack. It was recently discovered that Trillian is also affected when using the AIM portion, and it is expected that other applications are susceptible to the attack as well.
Note: A similar update for Thunderbird is expected shortly.
Download Firefox 18.104.22.168 – It doesn’t appear that Mozilla has enabled the automatic updates through Firefox at this time, so you will have to download it if you don’t want to wait.