Firefox patch imminent

Summary:Mozilla said that it plans to release Firefox 2.0.

Mozilla said that it plans to release Firefox 2.0.0.12 Feb. 7 or Feb. 8. The release will fix a high severity vulnerability.

The vulnerability, which was given a severity rating on Jan. 29, allows an attacker to swipe cookies and other critical data that can leak out of Firefox via flat files (add-ons). In a brief post, Mozilla said:

Since the security of our users is of utmost importance, the release schedule for Firefox 2.0.0.12 is being pushed up as much as possible, with a current release date estimated to be February 7th or 8th.

On Jan. 29, Mozilla security chief Window Snyder said the vulnerability will be patched with Firefox 2.0.0.12, which will be pushed out “shortly.”

On Jan. 22, Snyder confirmed a proof of concept vulnerability discovered by researcher Gerry Eisenhaur on Jan. 19. Simply put, Firefox leaks information that can allow an attacker to load any javascript file on a machine. This “chrome protocol directory transveral” is in play whenever there are “flat” files–common in add ons–are installed.

Topics: Security, Browser

About

Larry Dignan is Editor in Chief of ZDNet and SmartPlanet as well as Editorial Director of ZDNet's sister site TechRepublic. He was most recently Executive Editor of News and Blogs at ZDNet. Prior to that he was executive news editor at eWeek and news editor at Baseline. He also served as the East Coast news editor and finance editor at CN... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.