14 DAY TRIAL // Mozilla has updated Firefox and a new version is available for download. With the latest refresh, Firefox jumps from version 2.0.0.6 to 2.0.0.7. At this point in time, older variants of the browser, such as 2.0.0.3, were automatically detecting, downloading and delivering for implementation only Firefox 2.0.0.6. It appears that 2.0.0.7 has not yet made it into Mozilla's automated update infrastructure and to end users. So if you are indeed running 2.0.0.6, then the best way to update your browser, until Mozilla will automatically offer the refresh, is to manually download 2.0.0.7.
Although Mozilla did not make available the release notes for Firefox 2.0.0.7, the update is designed to patch a security hole in the open source browser. In this context, Microsoft has also released security updates at the end of the past month, as a part of the company's monthly patch cycle. However, Internet Explorer 7, and older versions of Microsoft's proprietary browser managed to survive September without a scratch. Traditionally, the Internet Explorer is patched through an IE Cumulative Update. But Microsoft did not issue a single security patch for IE.
This makes Mozilla, with Firefox 2.0.0.7, leader in terms of the amount of vulnerabilities patched in September, although the latest version of the open source browser is essentially designed to address a single security flaw. On 12 September 2007, Window Snyder, the head of security strategy at Mozilla Corporation, confirmed that a vulnerability residing in Apple's QuickTime media player allowed for the running of the default browser with arbitrary parameters. Still, the issue is most severe on Firefox, although IE also seems to be affected, but to a lesser degree.
"If Firefox is the default browser when a user plays a malicious media file handled by Quicktime, an attacker can use a vulnerability in Quicktime to compromise Firefox or the local machine. This can happen while browsing or by opening a malicious media file directly in Quicktime. So far this is only reproducible on Windows", Snyder stated. Firefox 2.0.0.7 will patch this vulnerability. On a side-note, security company Symantec has issued a report comparing the volumes of security flaws affecting Internet Explorer, Firefox, Safari and Opera. You can read about which of the four browsers is the safest here.
Firefox 2.0.0.7 is available here.