After Apple had released a patch to negate the IE/Safari carpet bombing vulnerability last month, Windows security blogger Billy Rios discovered a similar exploit, albeit using Firefox and Safari. Mozilla has made available
an update for both Firefox 2 and Firefox 3 that negates this threat
The earlier version of the open source browser was the first to be updated as the crucial Firefox 18.104.22.168 security update became available on Tuesday (15th July) followed by the 3.0.1 patch for Firefox 3 the next day. In addition to tackling the carpet bombing threat, the updates have also fixed a vulnerability related to the browser’s CSSValue array data, and a minor Mac-only bug.