The latest update of Firefox, version 2.0.0.12, available for download today, includes patches for the following security deficiencies: Web forgery flaw, browsing history and forward navigation stealing, and the directory traversal via chrome.
The latest Firefox security advisory noted on the Known Vulnerabilities in Mozilla Products site lists the following vulnerabilities as having been patched.
- Web forgery overwrite with div overlay
- URL token stealing via style sheet redirect
- Mishandling of locally-saved plain text files
- File action dialog tampering
- Web browsing history and forward navigation stealing
- Directory traversal via chrome: URI
- Stored password corruption
- Privilege escalation, XSS, Remote Code Execution
- Multiple file input focus stealing vulnerabilities
- Crashes with evidence of memory corruption (rv:1.8.1.12).
It is highly recommended that you update immediately by clicking on Help - Check for Updates in FireFox.
