Mozilla has released an update for Firefox that among other bug fixes, most notably fixes the wyciwyg:// pseudo protocol vulnerability uncovered last week by independent security researcher Michal Zalewski. wyciwyg:// is an internal mechanism used by Firefox and other Gecko-based browsers to access cached contents of visited web pages. A flaw on how access is granted to these contents could allow a malicious web site gain control of this potentially compromising a user’s privacy and security.
The update also fixes another bug uncovered last week that involved starting Firefox or Thunderbird to run malicious code via a specially crafted web address accessed with Internet Explorer.
Six other security bugs, including 3 critical ones, along with 90+ stability fixes are included in this release so users are strongly encouraged to update. Previous Firefox versions users should upgrade to Firefox 2 to benefit from current support. Older versions (1.0.x and 1.5.x) are no longer supported and would remain exposed to some now well known vulnerabilities.
To update, in the Help menu, select Check for Updates… and follow the on screen instructions.