Mozilla has released Firefox 220.127.116.11, an update that address three security flaws.
The update issued Monday fixes a Java Archive handling vulnerability
found in February that allows an attacker to hide exploit code in a
Java Archive (.jar) file. It also fixes a memory corruption bug and a
flaw that allowed an attacker to generate a fake HTTP Referer header
for conducting a Cross-site Request Forgery (CSRF) attack.
Each of the three vulnerabilities is rated "high" by Mozilla,
meaning the flaws could be used "to gather sensitive data from sites in
other windows or inject data or code into those sites, requiring no
more than normal browsing actions."
Full Story at informationweek.com