MozillaFirefox MozillaFirefox: Security update to version 2.0.0.10 MozillaFirefox: Securityupdate auf Version 2.0.0.10 This update brings Mozilla Firefox to security update version 2.0.0.10 Following security problems were fixed: MFSA 2007-37 / CVE-2007-5947: The jar protocol handler in Mozilla Firefox retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inner URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI. MFSA 2007-38 / CVE-2007-5959: The Firefox 2.0.0.10 update contains fixes for three bugs that improve the stability of the product. These crashes showed some evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2007-39 / CVE-2007-5960: Gregory Fleischer demonstrated that it was possible to generate a fake HTTP Referer header by exploiting a timing condition when setting the window.location property. This could be used to conduct a Cross-site Request Forgery (CSRF) attack against websites that rely only on the Referer header as protection against such attacks. Der Webbrowser Mozilla Firefox wurde auf Version 2.0.0.10 gebracht, die folgende sicherheitsrelevante Fehler behebt (aufgelistet auf englisch): MFSA 2007-37 / CVE-2007-5947: The jar protocol handler in Mozilla Firefox retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inner URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI. MFSA 2007-38 / CVE-2007-5959: The Firefox 2.0.0.10 update contains fixes for three bugs that improve the stability of the product. These crashes showed some evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2007-39 / CVE-2007-5960: Gregory Fleischer demonstrated that it was possible to generate a fake HTTP Referer header by exploiting a timing condition when setting the window.location property. This could be used to conduct a Cross-site Request Forgery (CSRF) attack against websites that rely only on the Referer header as protection against such attacks. security MozillaFirefox i586 09f33ce163900efe49a609ee87eaa3f0fa3eeb26 MozillaFirefox ppc 67373cdeef49f415a455c1ea72a45d7e346cc849 MozillaFirefox x86_64 73ec8b07fa216135714d4d28333d4200854ddee6 MozillaFirefox-translations i586 1692ec4ac619ec42a5a4f4076a5bcf3447937398 MozillaFirefox-translations ppc 4ce41f6bafd86960b1d3b14fb29237d65b596788 MozillaFirefox-translations x86_64 e63f987da59e240df26f5bed0b412f41ce4fb679