Mozilla released updates for Firefox 1.5 and 2.0 earlier this week. Both versions include major security and stability fixes/patches. The Mozilla foundation also extended the support period for Firefox 1.5 from 24th April to June.
The security vulnerabilities fixed are the same for both browser generations.
Furthermore an error in the “addEventListener” method can be exploited to inject script into another site, circumventing the browser’s same-origin policy. This could be used to access or modify sensitive information from the other site.
Finally an error in the handling of XUL popups can be exploited to spoof parts of the browser such as the location bar.
Most FF 2.0 users will get the option to update automatically. If you are running an older version upgrade to Firefox 220.127.116.11 here, or Firefox 1.5.12 here. As always it’s better to be safe than sorry…