Firefox 220.127.116.11 Removes Vulnerabilities
Several vulnerabilities in Firefox allow remote attacks on 2.x versions: updating to 18.104.22.168 closes the gaps.
Mozilla Firefox before 22.214.171.124 and SeaMonkey before 1.1.5, when running on Linux systems with gnome-vfs support, might allow remote attackers to read arbitrary files on SSH/sftp servers that accept key authentication by creating a web page on the target server that contains URIs with smb: or sftp: schemes that access other files from the server (CVE-2007-5337, MFSA 2007-34). To exploit the vulnerability, the attacker has to entice users to a manipulated website on the same server. Websites written in XUL can hide their title bars (MFSA 2007-33, CVE-2007-5334), thus opening up a vector for phishing or spoofing attacks. An overview and more details on the vulnerabilities are available from Secunia.
All of these vulnerabilities have been removed in version 126.96.36.199. The new version is available as a download from the Mozilla page. The last digit in the Firefox version number indicates the fix. The previous update to 188.8.131.52 is from mid-September 2007 and closed the QuickTime vulnerability. The first 2.0 version of Firefox was released in October 2006.