Firefox v2.0.12 to be released soon - Major Security Issue
Firefox users should watch for an important update that addresses a serious security vulnerability. The Mozilla foundation has escalated a serious security vulnerability and version 2.0.12 will be pushed out soon, according to the developers blog. Most users will automatically update to the latest version, when it becomes available.
FF v2.0.12 release date currently targeted for 02/05/2008
Mozilla ups unpatched Firefox flaw to high severity
* The chrome library protocol handling issue is proof-of-concept only (no in-the-wild attacks noted so far)
* An attacker can use this vulnerability to collect session information, including session cookies and session history.
* Firefox 2.0.12 is being prioritized and will be pushed out soon
* Firefox is not vulnerable by default, however many users install add-ins (long list in link below)
Firefox Vulnerable Add-ins
* The most current version and release information can be obtained at:
Mozilla Firefox Home Page