Firefox users should watch for an important update that addresses a serious security vulnerability. The Mozilla foundation has escalated a serious security vulnerability and version 2.0.12 will be pushed out soon, according to the developers blog. Most users will automatically update to the latest version, when it becomes available.
FF v2.0.12 release date currently targeted for 02/05/2008
http://wiki.mozilla.org/Releases
Mozilla ups unpatched Firefox flaw to high severity
http://blogs.zdnet.com/security/?p=841&tag=nl.e539
* The chrome library protocol handling issue is proof-of-concept only (no in-the-wild attacks noted so far)
* An attacker can use this vulnerability to collect session information, including session cookies and session history.
* Firefox 2.0.12 is being prioritized and will be pushed out soon
http://blog.mozilla.com/security/2008/01/29/status-update-for-chrome-protocol-directory-traversal-issue/
* Firefox is not vulnerable by default, however many users install add-ins (long list in link below)
Firefox Vulnerable Add-ins
https://bugzilla.mozilla.org/attachment.cgi?id=300181
* The most current version and release information can be obtained at:
Mozilla Firefox Home Page
http://www.mozilla.com/en-US/firefox/