Firefox 3.0.8 Security Update Released by Mozilla
The Mozilla Foundation has released version 3.0.8 of their very popular Firefox browser, and you are very well advised to get it. The main reason for you to get Firefox 3.0.8 is this: it fixes two critical security vulnerabilities. One was successfully hacked by German computer science student Nils during the PWN2OWN competition (details here); the second discovered by Guido Landi has already been disclosed and is readily available online (published online here). One other little reminder: the Mozilla Foundation uses a 4-tier severity rating for security vulnerabilities affecting the software they develop and “critical” is the highest one.
“As part of Mozilla Corporation’s ongoing security update process, Firefox 3.0.8 is now available for Windows, Mac, and Linux for free download. We strongly recommend that all Firefox users upgrade to this latest release. If you already have Firefox 3.0.x, you will receive an automated update notification. This update can also be applied manually by selecting “Check for Updates…” from the Help menu,” Firefox Launch Coordinator with the Mozilla Corporation, Samuel Sidler explains.
The two critical security issues in question as are follows:
- The security hole discovered by Nils: the XUL tree method _moveToEdgeShift would trigger garbage collection routines on objects that were still in use. This lead to the browser crashing upon attempting to access an object that had been previously destroyed. This vulnerability can be exploited by a person with malicious intent to run arbitrary code on the targeted machine.
- The vulnerability uncovered by Guido Landi: a person with malicious intent could crash the browser by using an XSL stylesheet. During a XSL transformation, the XSL stylesheet will crash Firefox, thus allowing a person with malicious intent to run arbitrary code on the targeted machine.
In a recent study, it has come to light that the Mozilla Foundation fixes security issues affecting their software applications faster than the competition – details here. The speed at which these two critical holes have been plugged is definite proof of Mozilla’s commitment to providing a secure web browser (and mail client).
If you would like to get Firefox 3.0.8, a download location is available here.
Tags: Mozilla, Firefox
“As part of Mozilla Corporation’s ongoing security update process, Firefox 3.0.8 is now available for Windows, Mac, and Linux for free download. We strongly recommend that all Firefox users upgrade to this latest release. If you already have Firefox 3.0.x, you will receive an automated update notification. This update can also be applied manually by selecting “Check for Updates…” from the Help menu,” Firefox Launch Coordinator with the Mozilla Corporation, Samuel Sidler explains.
Advertising
The two critical security issues in question as are follows:
- The security hole discovered by Nils: the XUL tree method _moveToEdgeShift would trigger garbage collection routines on objects that were still in use. This lead to the browser crashing upon attempting to access an object that had been previously destroyed. This vulnerability can be exploited by a person with malicious intent to run arbitrary code on the targeted machine.
- The vulnerability uncovered by Guido Landi: a person with malicious intent could crash the browser by using an XSL stylesheet. During a XSL transformation, the XSL stylesheet will crash Firefox, thus allowing a person with malicious intent to run arbitrary code on the targeted machine.
In a recent study, it has come to light that the Mozilla Foundation fixes security issues affecting their software applications faster than the competition – details here. The speed at which these two critical holes have been plugged is definite proof of Mozilla’s commitment to providing a secure web browser (and mail client).
If you would like to get Firefox 3.0.8, a download location is available here.
Tags: Mozilla, Firefox
I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 28 May 2012
Mozilla introduced a new program meant to educate millions of people, the Mozilla Webmaker program.
By George Norman on 26 May 2012
Piriform updated its products, making CCleaner less annoying and Defraggler a lot faster.Related News
By George Norman on 23 Apr 2012
Even though the Mozilla Foundation has not officially released the final version of Firefox 12 to the masses, Firefox v. 12.0 final is already out there and available for download
By George Norman on 02 Feb 2012
Version 10.0 of the very popular Firefox web browser has been released to the web. This new version comes with a
By George Norman on 27 Jan 2012
We all start the year with resolutions, such as “this year I’m going to more carefully watch what I eat”, or “this year I will try to be less stressed”. Most times we discard these resolutions just as easily as 
By George Norman on 03 Feb 2012
As a passionate supporter of Mozilla and a long-time Firefox user, I am more than familiar with Personas. But it seems that Personas are confusing for new Firefox usersAdvertising
Hot Software Updates
Top Downloads
2.
Opera5.
Trillian8.
AIM9.
Skype10.
Ad-Aware12.
Nero13.
Google Earth14.
Picasa15.
Winamp16.
iTunes17.
RealPlayer18.
uTorrent19.
eMule20.
WinRAR21.
BitComet22.
WinZip23.
Shareaza24.
CCleaner25.
Recuva26.
Tweak UI27.
CuteFTP Home29.
Adobe Reader30.
NewsPiperBecome A Fan!
Link To Us!
Firefox 3.0.8 Security Update Released by Mozilla
HTML Linking Code
HTML Linking Code