Tech

Firefox patch imminent

Mozilla said that it plans to release Firefox 2.0.

Written by Larry Dignan, Contributor Feb. 5, 2008 at 7:38 p.m. PT

Mozilla said that it plans to release Firefox 2.0.0.12 Feb. 7 or Feb. 8. The release will fix a high severity vulnerability.

The vulnerability, which was given a severity rating on Jan. 29, allows an attacker to swipe cookies and other critical data that can leak out of Firefox via flat files (add-ons). In a brief post, Mozilla said:

Since the security of our users is of utmost importance, the release schedule for Firefox 2.0.0.12 is being pushed up as much as possible, with a current release date estimated to be February 7th or 8th.

On Jan. 29, Mozilla security chief Window Snyder said the vulnerability will be patched with Firefox 2.0.0.12, which will be pushed out “shortly.”

On Jan. 22, Snyder confirmed a proof of concept vulnerability discovered by researcher Gerry Eisenhaur on Jan. 19. Simply put, Firefox leaks information that can allow an attacker to load any javascript file on a machine. This “chrome protocol directory transveral” is in play whenever there are “flat” files–common in add ons–are installed.

Editorial standards

Show Comments

Not into the Tesla Powerwall? You can now buy the Anker Solix X1

Firefox patch imminent

Related

Not into the Tesla Powerwall? You can now buy the Anker Solix X1

Facebook's Meta AI is lying when it says you can disable it - but here's what you can do

The best AI image generators to try right now