Mozilla Firefox 2.0.0.10 Released

Firefox 2.0.0.10 is now available for download. This version patches three security holes in the world's second most-popular browser. The first bug is a cross-site scripting flaw in the jar: URI scheme, which may allow an attacker to steal private information (a proof of concept has been published demonstrating how the contacts of logged-in Gmail users can be stolen). Firefox 2.0.0.10 also fixes three stability bugs, which could be exploited to corrupt memory and potentially execute arbitrary code. The final issue relates to a race condition when setting the window.location property, which could be used to spoof a HTTP Referer header. The release can be downloaded from the Mozilla Firefox product page. More information about the new version can be found in the Firefox 2.0.0.10 release notes.