Firefox 2 News Archive and Update History

Martin Brinkmann
Oct 23, 2006
Updated • Mar 26, 2014
Update: This is the news archive for all Firefox 2.x updates that we have reviewed in the past. Firefox 2.x is no longer supported by Mozilla. You can download the latest version of the Firefox web browser from the official Mozilla website.

If you are already running Firefox, you can check your version by starting the browser on your system, tapping on the Alt-key once it is open, and selecting Help > About Firefox from the menu.

Firefox 2 News

Firefox 2.0 announcement

The Mozilla team finally uploaded version 2.0 final of Firefox to the main ftp server. It may take up to 24 hours, sometimes even more, before it is announced on the website as well. So, expect an announcement today or tomorrow. As always, you heard it here first.

If you want to be one of the first to download the new final version I suggest you do so with the links for: Windows or Mac / Linux.

The ftp may be really busy at the moment because the link will surely make its round on the Internet pretty fast. The version itself should not be that different to the release candidate 3 which was released just a few days ago.

The following changes are listed on the release notes page:

  • Visual Refresh
  • Advanced search
  • Improved tabbed browsing
  • Session Restore
  • RSS feed subscriptions
  • Inline spell checking
  • Live titles
  • Improved add-ons manager
  • JavaScript 1.7 support
  • Extended search plugin format
  • Extension system updates
  • Client-side session and persistent storage


Some users who are experiencing bugs or are concerned about security may want to install the update as soon as it is available though so that they can fix bugs, improve stability or fix security issues that the update fixes.

The following link is to an ftp site that offers Firefox 2.0.1 for all supported operating systems and languages.

If you want to be fast go get it know, otherwise wait one more day and get it the regular way. If you are interested about the fixes in this version check out the mozillazine website which lists more than 150 fixes in Firefox 2.0.1. Of note are 42 bugs that crashed Firefox, 3 memory leaks and 4 privacy related bugs that have all been fixed in this release.


The release notes state that the developers fixed seven security issues. Other improvements include Windows Vista support and the addition of several new languages.

One critical security issue has been fixed, the other ones were high (1), moderate (3) and low (2). Just make sure you update as soon as possible and everything should be sorted out fine.

The languages that have been added are Afrikaans, Belorussian, Georgian and Kurdish. They are currently in beta phase and not available from the main Firefox download page.

What's new in Firefox

  • Security updates were released.
  • Support for Microsoft's Windows Vista was supported.
  • Several languages have been added as beta releases.
  • Fixed permission bugs in the German locale.



Firefox resolves one security vulnerability in the web browser.

A malicious web page hosted on a specially-coded FTP server could use this feature to perform a rudimentary port-scan of machines inside the firewall of the victim. By itself this causes no harm, but information about an internal network may be useful to an attacker should there be other vulnerabilities present on the network.


Three critical, two high, one moderate and two low security vulnerabilities have been fixed in this release making it a must have update for every Firefox user.

If you happen to download the new Firefox release from the official website you should be aware that you download the full version which overwrites the previous version of Firefox if installed in the same directory. All of my installed extensions are compatible with the new release and I suppose that only a few will not work initially with this release. Below is the list of fixes in this release.

MFSA 2007-25 XPCNativeWrapper pollution
MFSA 2007-24 Unauthorized access to wyciwyg:// documents
MFSA 2007-23 Remote code execution by launching Firefox from Internet Explorer
MFSA 2007-22 File type confusion due to %00 in name
MFSA 2007-21 Privilege escallation using an event handler attached to an element not in the document
MFSA 2007-20 Frame spoofing while window is loading
MFSA 2007-19 XSS using addEventListener and setTimeout
MFSA 2007-18 Crashes with evidence of memory corruption


This version fixes the QuickTime Vulnerability which was discovered earlier on and it is recommended that Firefox gets updated as soon as possible. As usual Firefox has been updated for all supported operating systems and all localized versions are available as of now as well.

The vulnerability is based on QuickTime Media Link files (.qtl), simple XML files that include details about the media file to be played (like an .avi, .mov or .mp3) and other settings. However one of these parameters, qtnext, allows the publisher to specify a URL (web address) to be displayed when the media file ends. The URL could be a JavaScript instruction like those used in thousands of web pages and services currently.


A new version of Firefox has been released today. It is already available on the official Mozilla website and through the update check in Firefox itself. Two critical, five moderate and two low security vulnerabilities have been fixed in the new version which makes it a recommended update for all Firefox users.


Am I the only one thinking that the rate of Firefox updates has increased in the last months? The new version of Firefox corrects several bugs that emerged for some users after upgrading to Firefox The update to the new version is therefor mainly an stability update.

It fixes five bugs that have been bothering some users since the update. This includes a fix for Windows Vista users of Firefox who received Java not found or Java not working errors after the upgrade and the problem that add-ons were disabled after upgrading to the new version of Firefox.


Several websites are already reporting the release of the final Firefox version. The update fixes the following security issues.

MFSA 2007-39 Referer-spoofing via window.location race condition
MFSA 2007-38 Memory corruption vulnerabilities (rv:
MFSA 2007-37 jar: URI scheme XSS hazard


The Mozilla Firefox team has released Firefox just two days ago but a bug discovered after the release prompted them to take immediate action. The bug is affecting an important HTML element interface which makes some extensions and websites unusable with that version of Firefox.

The new Firefox version got rid of that bug and is currently distributed to all primary and secondary mirror sites.


Version is labeled as a security and stability update which means you will not see new features in this release.

The following security issues were fixed:

MFSA 2008-19 XUL popup spoofing variant (cross-tab popups)
MFSA 2008-18 Java socket connection to any local port via LiveConnect
MFSA 2008-17 Privacy issue with SSL Client Authentication
MFSA 2008-16 HTTP Referrer spoofing with malformed URLs
MFSA 2008-15 Crashes with evidence of memory corruption (rv:
MFSA 2008-14 JavaScript privilege escalation and arbitrary code execution


Firefox has been released and is currently available through the automatic update function in Firefox and the main Mozilla website. The new update to Firefox 2 is a security update that fixes one critical issue, a crash in the JavaScript garbage collector which is actually more of a stability fix than a security fix. The reason why it is still listed as a security fix is that issues like these have been exploited before in the past.

I suggest you update your version of Firefox 2 as soon as possible, users of Firefox 3 seem safe for now and do not have to do anything. The same issue will also be fixed in upcoming releases of Thunderbird and Seamonkey which are not yet available for download.


The update is a security and stability update which should be available right now from the official download page.

That page is unfortunately down at the moment as are the release notes for that new version. Not exactly sure what's going on currently because the main pages and the developer news website with the announcement is reachable. The update can also be installed by checking for updates in Firefox 2. This can be done in the HELP menu.

The website is working again. The direct download link and the release notes are now accessible. The update fixed four critical, four high, 2 moderate and 2 low security vulnerabilities. Make sure to update asap.

The following security issues were fixed in Firefox

  • Crash and remote code execution in block reflow
  • Remote site run as local file via Windows URL shortcut
  • Peer-trusted certs can use alt names to spoof
  • File location URL in directory listings not escaped properly
  • Faulty .properties file results in uninitialized memory being used
  • Arbitrary socket connections with Java LiveConnect on Mac OS X
  • Arbitrary file upload via originalTarget and DOM Range
  • Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript()
  • Chrome script loading from fastload file
  • Signed JAR tampering
  • XSS through JavaScript same-origin violation
  • Crashes with evidence of memory corruption (rv:


The update is a security update that fixes two critical security vulnerabilities that allow remote code execution and the opening of multiple tabs if Firefox is not running. Take a look at the Mozilla Foundation Security Advisory articles here and here if you want to read up on the vulnerabilities.


Tutorials & Tips

Previous Post: «
Next Post: «


  1. Lincoln said on October 24, 2006 at 9:03 am

    Update: I dled it. No good. I think it spat the dummy at some extensions (esp Tab Mix Plus). I’ve reverted to until further notice

  2. Lincoln said on October 24, 2006 at 8:36 am

    Yes! Great news. Thanks for letting us know.

  3. Arqueiro said on October 23, 2006 at 4:06 pm

    very nice news i will try it now!

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.