Mozilla has shipped the eighth refresh of its flagship Firefox 2 browser to fix at least 10 vulnerabilities affecting Windows and Linux users.
The latest Firefox 220.127.116.11 update includes another two patches rated "critical" because of the risk of code execution.
[It is] possible to use the
Mozilla also released (MFSA 2007-29) to fix two vulnerabilities found that could cause browser crashes "with evidence of memory corruption."
The latest update, which now supports Mac OS X Leopard, includes another fix (MFSA 2007-36) for the URI protocol handling issue that has haunted Windows users all year; a bug (MFSA 2007-34) that makes it possible to steal files through the SFTP protocol and a flaw (MFSA 2007-33) that allows XUL pages to hide the window titlebar.
It also fixes a file input focus stealing vulnerability (MFSA 2007-32); a browser digest authentication request splitting flaw (MFSA 2007-31) and an onUnload Tailgating issue MFSA 2007-30 that can lead to spoofing attacks.