Mozilla has released a new version of its flagship Firefox browser with fixes for
five six security vulnerabilities, one carrying a "critical" rating.
The most serious issue addressed in today's Firefox 220.127.116.11 update pertains to browser crashes with evidence of memory corruption. This fix (MFSA 2007-12) rolls up several bug fixes that, under certain conditions, could presumably lead to code execution attacks.
The update also fixes a high-risk cross-site scripting flaw, an XUL pop-up spoofing bug, a vulnerability that could allow path abuse in cookies, a hole in APOP authentication and a persistent auto-complete denial-of-service flaw.
So far this year, Mozilla has issued shipped fixes for 17 Firefox security issues.
As expected, Mozilla also shipped the final Firefox 1.5 version with patches for the flaws discussed above. This version of Firefox 1.5 includes an auto-update mechanism to migrate users to the more secure/stable Firefox 2 versions.
Firefox 18.104.22.168 is available for download here but all users are encouraged to upgrade to Firefox 2.
Over the coming weeks, Mozilla will be presenting 22.214.171.124 users with a notification message that will offer users a "major update" to Firefox 2. Upon confirmation, a user’s browser will be upgraded from 126.96.36.199 to 188.8.131.52, according to a post on the Mozilla Developer blog.