Mozilla released updates for Firefox 1.5 and 2.0 earlier this week. Both versions include major security and stability fixes/patches. The Mozilla foundation also extended the support period for Firefox 1.5 from 24th April to June.
The security vulnerabilities fixed are the same for both browser generations.
According to Secunia the most severe issue is related to the JavaScript engine which can be exploited to cause memory corruption and potentially to execute arbitrary code.
Furthermore an error in the “addEventListener” method can be exploited to inject script into another site, circumventing the browser’s same-origin policy. This could be used to access or modify sensitive information from the other site.
Finally an error in the handling of XUL popups can be exploited to spoof parts of the browser such as the location bar.
Most FF 2.0 users will get the option to update automatically. If you are running an older version upgrade to Firefox 2.0.0.4 here, or Firefox 1.5.12 here. As always it’s better to be safe than sorry…
Visit Mozilla for more information and downloads/links concerning the 1.5.0.12 and 2.0.0.4 releases.