Firefox gets an unannounced security update

Mozilla has released a new update to its Firefox browser which is meant to make the browser more secure as it solves three vulnerabilities which were classified as having a high impact.

The three issues patched were the Referer-spoofing via window.location race condition, the Memory corruption vulnerabilities and the jar: URI scheme XSS.

The first vulnerability would allow a third party to conduct a "Cross-site Request Forgery (CSRF) attack" against websites that rely only on the Referer header as protection against such attacks.

However, this version of Firefox does not solve a weakness in its password manager which allows usernames and passwords to be stolen by an attacker.

Also as one could have expected, the memory leak problems are still largely present in version 2.0.0.10.