Firefox 3.5.3 Update Plugs Several Critical Security Holes
A couple of days ago the Mozilla Foundation rolled out an update to its web browser, mainly Firefox 3.5.3. The update is meant to make the Firefox browser a more stable piece of software and plug several security holes affecting the application. To be more precise, Firefox 3.5.3 fixes a total of 4 security vulnerabilities: three are critical and one is low.
Just to put things in perspective, Mozilla uses a 4-tier security rating: low, moderate, high and critical. Out of the security issues that Firefox 3.5.3 addresses one has been given the low security rating and the remaining three have been rated as critical. The low security vulnerability, MFSA 2009-50 refers to the fact that “the default Windows font used to render the locationbar and other text fields was improperly displaying certain Unicode characters with tall line-height. In such cases the tall line-height would cause the rest of the text in the input field to be scrolled vertically out of view.” A person with malicious intent could exploit this vulnerability an conceal the URL of a malicious site from the user.
The remaining three, critical vulnerabilities are:
MFSA 2009-47 – the browser would crash with evidence of memory corruption. If successfully exploited, a person with malicious intent could run arbitrary code.
MFSA 2009-49 – one could manipulate the columns of a XUL tree element which would “leave a pointer owned by the column pointing to freed memory.” A person with malicious intent that successfully exploits this vulnerability could crash and run arbitrary code on the targeted computer.
MFSA 2009-51 – JavaScript code can be run with elevated privileges because of a vulnerability in BrowserFeedWriter. A person with malicious intent could exploit this to run malicious code with chrome privileges.
You are very well advised to update your Firefox 3.5 browser if you have not done so already. Only by keeping an up-to-date browser can you protect yourself from people with malicious intent that want to exploit a vulnerability and compromise your system.
If you would like to get Firefox 3.5.3, you can download it straight from FindMySoft here.
Alternatively you can get it from the official Mozilla Firefox web page here.
FindMySoft Update
We've launched a brand new How To section. You can check it out here.
Tags: Mozilla, Firefox, Browser, Update, Security
Just to put things in perspective, Mozilla uses a 4-tier security rating: low, moderate, high and critical. Out of the security issues that Firefox 3.5.3 addresses one has been given the low security rating and the remaining three have been rated as critical. The low security vulnerability, MFSA 2009-50 refers to the fact that “the default Windows font used to render the locationbar and other text fields was improperly displaying certain Unicode characters with tall line-height. In such cases the tall line-height would cause the rest of the text in the input field to be scrolled vertically out of view.” A person with malicious intent could exploit this vulnerability an conceal the URL of a malicious site from the user.
Advertising
The remaining three, critical vulnerabilities are:
MFSA 2009-47 – the browser would crash with evidence of memory corruption. If successfully exploited, a person with malicious intent could run arbitrary code.
MFSA 2009-49 – one could manipulate the columns of a XUL tree element which would “leave a pointer owned by the column pointing to freed memory.” A person with malicious intent that successfully exploits this vulnerability could crash and run arbitrary code on the targeted computer.
MFSA 2009-51 – JavaScript code can be run with elevated privileges because of a vulnerability in BrowserFeedWriter. A person with malicious intent could exploit this to run malicious code with chrome privileges.
You are very well advised to update your Firefox 3.5 browser if you have not done so already. Only by keeping an up-to-date browser can you protect yourself from people with malicious intent that want to exploit a vulnerability and compromise your system.
If you would like to get Firefox 3.5.3, you can download it straight from FindMySoft here.
Alternatively you can get it from the official Mozilla Firefox web page here.
FindMySoft Update
We've launched a brand new How To section. You can check it out here.
Tags: Mozilla, Firefox, Browser, Update, Security
I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 10 Feb 2012
With the release of Wolfram|Alpha Pro, the team behind the popular computational knowledge engine took a very big step forward
By George Norman on 10 Feb 2012
Microsoft has just announced that this February, as part of the Patch Tuesday program, it will roll out a grand total of 9 security bulletins to all customers all over the world.Related News
By George Norman on 28 Sep 2011
Great news for fans of properly good web browsers: the latest version of the Firefox browser to be released to the public is v 7.0
By George Norman on 02 Feb 2012
Version 10.0 of the very popular Firefox web browser has been released to the web. This new version comes with a
By George Norman on 27 Jan 2012
We all start the year with resolutions, such as “this year I’m going to more carefully watch what I eat”, or “this year I will try to be less stressed”. Most times we discard these resolutions just as easily as 
By George Norman on 08 Nov 2011
The Mozilla Foundation, the non-profit organization behind the Firefox web browser, set Nobember 8th as the release date for the final version of Firefox 8. This means that every user out there will be able to get version 8.0Advertising
Hot Software Updates
Top Downloads
2.
Opera5.
Trillian8.
AIM9.
Skype10.
Ad-Aware12.
Nero13.
Google Earth14.
Picasa15.
Winamp16.
iTunes17.
RealPlayer18.
uTorrent19.
eMule20.
WinRAR21.
BitComet22.
WinZip23.
Shareaza24.
CCleaner25.
Recuva26.
Tweak UI27.
CuteFTP Home29.
Adobe Reader30.
NewsPiperBecome A Fan!
Link To Us!
Firefox 3.5.3 Update Plugs Several Critical Security Holes
HTML Linking Code
HTML Linking Code