Did Mozilla Rush the Latest Firefox Patch?

It appears so, as programmer Ronald van den Heetkamp unveiled information about a vulnerability in Firefox 2.0.0.12 mere hours after its release. It seems that a portion of the critical directory traversal flaw addressed in the latest update still exists. In 2.0.0.12, Mozilla corrected the fact that this flaw could be exploited via one of several hundred browser add-ons. However, according to van den Heetkamp, that only fixed half of the issue since Firefox itself can be tricked into traversing directories back. He also discovered an information leak that could lead to an attacker reading your Firefox preferences as well as files stored within the Mozilla program files directory.

There has already been some debate over the seriousness of this leak, with Mozilla's Mike Shaver adamantly stating that it does not expose any personal information. van den Heetkamp fired back, saying that he was wrongfully interpreted and that he never stated it was a personal information leak. "Can it read personal information? Probably under the right circumstances, yes but that is highly theoretical," said van den Heetkamp. Nevertheless, protecting yourself while waiting for Firefox 2.0.0.13 is a good idea. The NoScript extension can do the trick here, and I recommend installing it right away.