Mozilla has pushed out updates to Firefox versions 2 and 3 to shore up 20 vulnerabilities, some of which could be exploited to launch remote code attacks.
Firefox 220.127.116.11 contains updates for 11 flaws -- six labeled critical, while Firefox 3.0.4 closes nine flaws -- four deemed critical.
The vulnerabilities could be exploited to execute a range of attacks, including arbitrary code injection, privilege escalation, cross-site scripting, denial-of-service, security bypass and information disclosure, according to a US-CERT alert.
Also on Wednesday, Mozilla released a new version of its open-source internet suite, SeaMonkey, which comes outfitted with the same fixes as Firefox 18.104.22.168.
Users are advised to upgrade to Firefox 3, as Mozilla plans to cut support for Firefox 2 around mid-December.
See original article on scmagazineus.com
New security updates for Firefox 2 and 3
By Dan Kaplan on Nov 14, 2008 9:23AM