Firefox patch imminent

Mozilla said that it plans to release Firefox 2.0.
Written by Larry Dignan, Contributor

Mozilla said that it plans to release Firefox Feb. 7 or Feb. 8. The release will fix a high severity vulnerability.

The vulnerability, which was given a severity rating on Jan. 29, allows an attacker to swipe cookies and other critical data that can leak out of Firefox via flat files (add-ons). In a brief post, Mozilla said:

Since the security of our users is of utmost importance, the release schedule for Firefox is being pushed up as much as possible, with a current release date estimated to be February 7th or 8th.

On Jan. 29, Mozilla security chief Window Snyder said the vulnerability will be patched with Firefox, which will be pushed out “shortly.”

On Jan. 22, Snyder confirmed a proof-of-concept vulnerability discovered by researcher Gerry Eisenhaur on Jan. 19. Simply put, Firefox leaks information that can allow an attacker to load any JavaScript file on a machine. This “chrome protocol directory traversal” is in play whenever “flat” files, common in add-ons, are installed.
