10 Patches, and More, for Firefox Users
Included in the patches are critical cross site scripting vulnerabilities.
Another day, another browser (or two) patched for security vulnerabilities.
This time, it's Mozilla updating its open source Firefox Web browsers to versions 3.0.5 and 220.127.116.11 for at least 10 different vulnerabilities, four of which are critical.
"Mozilla is not planning any further security and stability updates for Firefox 2, and recommends that you upgrade to Firefox 3 as soon as possible," Mozilla developer Samuel Sidler wrote in a mailing list posting.
Changes to the Mozilla EULA had been under discussion since at least September of this year.
The issue among many supporters was whether Firefox needed a EULA, given that the software is open source. Mozilla has now replaced the EULA with a new "Know Your Rights" info bar on initial install, which explains what users are able to do with the software.
On the other hand, Mozilla's Security Advisory 2008-69 fixes XSS vulnerabilities in Firefox's SessionStore.
"Mozilla security researcher moz_bug_r_a4 reported vulnerabilities in the session-restore feature by which content could be injected into an incorrect document storage location, including storage locations for other domains," Mozilla's advisory warns. "An attacker could utilize these issues to violate the browser's same-origin policy and perform an XSS attack while SessionStore data is being restored."