Firefox 3.6.4 Is Out with Crash Protection, Security Fixes
The development team at Mozilla has finally put the finishing touches on version 3.6.4 and rolled out the software to the public. If you’re already on Firefox 3.6, you can manually update your browser by clicking Help -> Check for Updates. Or you could wait for the automatic update prompt; or you could download the browser (download link at the bottom).
There are two main reasons why you would like to get update to versions. The first reason is that version 3.6.4 comes with a new feature called Crash Protection. This feature allows you to keep browsing even if your video or game crashes. Even if the Adobe Flash, Apple QuickTime or Microsoft Silverlight plugin crashes, the Firefox browser will not crash; the browser will not be affected even when if one of those plugins crashes or freezes.
The second reason why you would want to update to version 3.6.4 is security – Mozilla has released 7 security advisories for Firefox 3.6.4. Out of them all, 4 have been rated as critical; 2 have been rated as moderate; 1 has been rated as low.
Here are the details on the 4 critical security bulletins that accompany Firefox 3.6.4 (details on all security bulletins are available here):
MFSA 2010-26
Title: Crashes with evidence of memory corruption
Impact: Critical:
Description: Several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances; with enough effort at least some of these could be exploited to run arbitrary code.
Credit: Mozilla developers and community
MFSA 2010-28
Title: Freed object reuse across plugin instances
Impact: Critical
Description: Two plugin instances could interact in a way in which one plugin gets a reference to an object owned by a second plugin and continues to hold that reference after the second plugin is unloaded and its object is destroyed. In these cases, the first plugin would contain a pointer to freed memory which, if accessed, could be used by an attacker to execute arbitrary code on a victim's computer.
Credit: Microsoft Vulnerability Research
MFSA 2010-29
Title: Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal
Impact: Critical
Description: The routine for setting the text value for certain types of DOM nodes contained an integer overflow vulnerability. When a very long string was passed to this routine, the integer value used in creating a new memory buffer to hold the string would overflow, resulting in too small a buffer being allocated. An attacker could use this vulnerability to write data past the end of the buffer, causing a crash and potentially running arbitrary code on a victim's computer.
MFSA 2010-30
Title: Integer Overflow in XSLT Node Sorting
Impact: Critical
Description: An XSLT node sorting routine contained an integer overflow vulnerability. In cases where one of the nodes to be sorted contained a very large text value, the integer used to allocate a memory buffer to store its value would overflow, resulting in too small a buffer being created. An attacker could use this vulnerability to write data past the end of the buffer, causing the browser to crash and potentially running arbitrary code on a victim's computer
Credit: Security Researcher Martin Barbella
If you would like to get Firefox 3.6.4, you can download the browser here.
Don’t forget to check out the release notes.
There are two main reasons why you would like to get update to versions. The first reason is that version 3.6.4 comes with a new feature called Crash Protection. This feature allows you to keep browsing even if your video or game crashes. Even if the Adobe Flash, Apple QuickTime or Microsoft Silverlight plugin crashes, the Firefox browser will not crash; the browser will not be affected even when if one of those plugins crashes or freezes.
The second reason why you would want to update to version 3.6.4 is security – Mozilla has released 7 security advisories for Firefox 3.6.4. Out of them all, 4 have been rated as critical; 2 have been rated as moderate; 1 has been rated as low.
Here are the details on the 4 critical security bulletins that accompany Firefox 3.6.4 (details on all security bulletins are available here):
MFSA 2010-26
Title: Crashes with evidence of memory corruption
Impact: Critical:
Description: Several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances; with enough effort at least some of these could be exploited to run arbitrary code.
Credit: Mozilla developers and community
MFSA 2010-28
Title: Freed object reuse across plugin instances
Impact: Critical
Description: Two plugin instances could interact in a way in which one plugin gets a reference to an object owned by a second plugin and continues to hold that reference after the second plugin is unloaded and its object is destroyed. In these cases, the first plugin would contain a pointer to freed memory which, if accessed, could be used by an attacker to execute arbitrary code on a victim's computer.
Credit: Microsoft Vulnerability Research
MFSA 2010-29
Title: Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal
Impact: Critical
Description: The routine for setting the text value for certain types of DOM nodes contained an integer overflow vulnerability. When a very long string was passed to this routine, the integer value used in creating a new memory buffer to hold the string would overflow, resulting in too small a buffer being allocated. An attacker could use this vulnerability to write data past the end of the buffer, causing a crash and potentially running arbitrary code on a victim's computer.
MFSA 2010-30
Title: Integer Overflow in XSLT Node Sorting
Impact: Critical
Description: An XSLT node sorting routine contained an integer overflow vulnerability. In cases where one of the nodes to be sorted contained a very large text value, the integer used to allocate a memory buffer to store its value would overflow, resulting in too small a buffer being created. An attacker could use this vulnerability to write data past the end of the buffer, causing the browser to crash and potentially running arbitrary code on a victim's computer
Credit: Security Researcher Martin Barbella
If you would like to get Firefox 3.6.4, you can download the browser here.
Don’t forget to check out the release notes.
