[Steve]

The company SecuriTeam, a division of 'Beyond Security', has reported two new flaws in older versions of the Mozilla Firefox browser that may leave locally saved files vulnerable to outside attacks; the first flaw lies in Firefox's pop-up blocker feature - the browser typically does not allow websites to access files that are stored locally but this URL permission check is superseded when a Firefox user has turned off pop-up windows manually. As a result, an attacker could use this flaw to steal locally stored files and personal information that might be stored in them.

The second flaw, announced by SecuriTeam on Wednesday, concerns Firefox's phishing protection feature. With this vulnerability, an adept phisher could fool the browser into believing that a fraudulent site is actually secure by adding particular characters into the URL of its website.

Neither flaw appears to apply to the current 2.0.0.1 version of Firefox - so ensure that your version of Firefox is at least at version 2.0.0.1 (you can check the version using the [Help][About Mozilla Firefox] command. If it less than 2.0.0.1, you need to install the latest one from the Mozilla website.

Some people are continuing to use the version 1.5.x quite legitimately as it was to be supported with updates by Mozilla for a period after the release of version 2, but now would be a good time to make the version 2.0 switch as the older version is increasingly becoming a target for writers of malware.