Firefox 3.5.7 Update Fixes 3 Critical Security Issues
The Mozilla Foundation has updated its Firefox browser to version 3.5.7. This update is meant to make the software a more stable platform as well as a safer platform. In this regard the recently released Firefox 3.5.7 update fixes several stability issues and several security issues. To be more precise, it fixes a total of 7 security issues – 3 of which have been given the rating of critical.
Just to put things in perspective, the critical rating means the vulnerability “can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.” Here is a more in-depth look at the 3 critical security issues that Firefox 3.5.7 addresses:
MFSA 2009-67
Affected software: Firefox, SeaMonkey
Description: A video's dimensions were being multiplied together and used in particular memory allocations. When the video dimensions were sufficiently large, the multiplication could overflow a 32-bit integer resulting in too small a memory buffer being allocated for the video. An attacker could use a specially crafted video to write data past the bounds of this buffer, causing a crash and potentially running arbitrary code on a victim's computer
Credit: Dan Kaminsky, David Keeler
MFSA 2009-66
Affected software: Firefox, SeaMonkey
Description: Several bugs in liboggplay which posed potential memory safety issues. The bugs could potentially be used by an attacker to crash a victim's browser and execute arbitrary code on their computer.
Credit: Mozilla community and developers
MFSA 2009-65
Affected software: Firefox, Thunderbird, SeaMonkey
Description: Several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.
Credit: Mozilla community and developers
If you would like to get Firefox 3.5.7, a download location is available here.
If you already have Firefox 3.5 installed on your machine, click Help -> Check for updates to manually update the browser.
Just to put things in perspective, the critical rating means the vulnerability “can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.” Here is a more in-depth look at the 3 critical security issues that Firefox 3.5.7 addresses:
MFSA 2009-67
Affected software: Firefox, SeaMonkey
Description: A video's dimensions were being multiplied together and used in particular memory allocations. When the video dimensions were sufficiently large, the multiplication could overflow a 32-bit integer resulting in too small a memory buffer being allocated for the video. An attacker could use a specially crafted video to write data past the bounds of this buffer, causing a crash and potentially running arbitrary code on a victim's computer
Credit: Dan Kaminsky, David Keeler
MFSA 2009-66
Affected software: Firefox, SeaMonkey
Description: Several bugs in liboggplay which posed potential memory safety issues. The bugs could potentially be used by an attacker to crash a victim's browser and execute arbitrary code on their computer.
Credit: Mozilla community and developers
MFSA 2009-65
Affected software: Firefox, Thunderbird, SeaMonkey
Description: Several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.
Credit: Mozilla community and developers
If you would like to get Firefox 3.5.7, a download location is available here.
If you already have Firefox 3.5 installed on your machine, click Help -> Check for updates to manually update the browser.
