Even as Firefox 3 moves into beta, Firefox 2 is getting a security makeover.
The Mozilla Quality Assurance Community has called for volunteers
to help test Release Candidate Builds of Firefox 2.0.0.10, which is
expected to be released next week, following the Thanksgiving holiday.
Firefox 2.0.0.10 addresses a Java Archive handling bug that was
first reported back in February. The vulnerability allows a malicious
attacker to conduct a cross-site scripting attack by hiding exploit
code in a Java Archive (.jar) file. This is because the .jar protocol
is not restricted to .jar files and will open .zip files, which can be
malicious.
Full Story at informationweek.com