The Mozilla web browser Firefox and derived products like Thunderbird, SeaMonkey and the Netscape Browser contain several vulnerabilities, the most severe of which could allow a remote attacker to execute arbitrary code on an affected system.
To solve this problem, Mozilla Foundation, the nice people behind Firefox have just released a very important security release, so if you’re running Firefox, you need to go grab the latest release right away.
The following security issues have been fixed:
- XUL Popup Spoofing
- XSS using add Event Listener
- Path Abuse in Cookies
- Persistent Auto complete Denial of Service
- Crashes with evidence of memory corruption
According to Mozilla, also in this release are more enhancements and fixes for Windows Vista with the following caveats:
Clicking links in some applications (e.g. some instant messaging programs) might not open them in Firefox, even if you have set it as your default browser. To workaround this problem, go to Start -> Default Programs -> Set default programs for this computer, expand custom, select the radio button next to the app you want to set as the system wide default app (e.g. Firefox, etc.), and apply.
A Windows Media Player (WMP) plugin is not provided with Windows Vista. As a workaround, in order to view Windows Media content, you can follow these instructions. Note that after installing you may have to get a security update and apply it before you can see the content in the browser.
Vista Parental Controls are not completely honored. In particular, file downloads do not honor Vista’s parental control settings. This will be addressed in an upcoming Firefox release.
When migrating from Internet Explorer 7 to Firefox, cookies and saved form history are not imported.
I personally think you shouldn’t be running Vista on your machine as it’s still so very buggy and Windows XP SP2 is pretty solid these days.
For those of you wondering, on my computers I run both Windows XP Pro SP2 and Fedora Core 5 and 6.
