Mozilla fixes Firefox flaws

Mozilla fixes Firefox flaws


Most users automatically updated

Mozilla has released a new version of its Firefox browser containing some bug and security fixes.

Version 2.0.0.10 includes a memory error patch, better handling of digitally signed pages and a workaround to thwart hackers attempting to fake HTTP Referer headers.

"[Security researcher] Gregory Fleischer demonstrated that it was possible to generate a fake HTTP Referer header by exploiting a timing condition when setting the 'window.location' property," said Mozilla in a security advisory.

"This could be used to conduct a Cross-Site Request Forgery attack against websites that rely only on the Referer header as protection against such attacks."

Customers still using Firefox 1.5 are strongly advised to upgrade immediately, while those using version two should get updated automatically.

"If you already have Firefox 2.x, you will receive an automated update notification within 24 to 48 hours. This update can also be applied manually by selecting 'Check for Updates' from the Help menu," said Mozilla.

Mozilla released a beta of Firefox 3.0 on 20 November offering improved phishing protection, new antivirus software and parental control settings.