Firefox 18.104.22.168 Removes Vulnerabilities
Several vulnerabilities in Firefox allow remote attacks on 2.x versions: updating to 22.214.171.124 closes the gaps.
Mozilla Firefox before 126.96.36.199 and SeaMonkey before 1.1.5, when running on Linux systems with gnome-vfs support, might allow remote attackers to read arbitrary files on SSH/sftp servers that accept key authentication: the attacker creates a web page on the target server that contains URIs with smb: or sftp: schemes, which access other files from the server (CVE-2007-5337, MFSA 2007-34). To exploit the vulnerability, the attacker has to entice users to a manipulated website on the same server. Websites written in XUL can hide their title bars (MFSA 2007-33, CVE-2007-5334), thus opening up a vector for phishing or spoofing attacks. An overview and more details on the vulnerabilities are available from Secunia.
All of these vulnerabilities have been removed in version 188.8.131.52. The new version is available as a download from the Mozilla page. The last digit in the Firefox version number indicates the fix. The previous update to 184.108.40.206 is from mid-September 2007 and closed the QuickTime vulnerability. The first 2.0 version of Firefox was released in October 2006.