Firefox 22.214.171.124 Removes Vulnerabilities
Several vulnerabilities in Firefox allow remote attacks on 2.x versions: updating to 126.96.36.199 closes the gaps.
Mozilla Firefox before 188.8.131.52 and SeaMonkey before 1.1.5, when running on Linux systems with gnome-vfs support, might allow remote attackers to read arbitrary files on SSH/sftp servers that accept key authentication. The attack works by creating a web page on the target server that contains URIs with smb: or sftp: schemes that access other files from the server (CVE-2007-5337, MFSA 2007-34). To exploit the vulnerability, the attacker has to entice users to a manipulated website on the same server. Websites written in XUL can hide their title bars (MFSA 2007-33, CVE-2007-5334), thus opening up a vector for phishing or spoofing attacks. An overview and more details on the vulnerabilities are available from Secunia.
All of these vulnerabilities have been removed in version 184.108.40.206. The new version is available as a download from the Mozilla page. The last digit in the Firefox version number indicates the fix. The previous update to 220.127.116.11 dates from mid-September 2007 and closed the QuickTime vulnerability. The first 2.0 version of Firefox was released in October 2006.