Mozilla Plugs Critical Security Holes in Older Firefox Versions
Article by George Norman
On 18 Feb 2010
Personally I am the kind of user that immediately jumped on board when the final version of Firefox 3.6 was released late last month. If you’re like me, then you need to relax. Your browser is safe. But if you’re using Firefox 3.0 or Firefox 3.5 then you need to get the latest updates: Firefox 3.0.18 and Firefox 3.5.8.

The updates have been rolled out by Mozilla as part of its “ongoing security and stability update process.” You should receive an automated update prompt in the next day or so. If you just can’t wait, then you can always manually check for updates. Simply click the Help menu -> then hit Check for Updates.


Why would you want to update? As the release notes say (Firefox 3.0.18 here; Firefox 3.5.8 here), the update makes the browser a more stable and safer platform. For example Firefox 3.5.8 includes 5 security advisories out of which 3 carry the “critical” rating. The bulletins in question are:

MFSA 2010-03
Title: Use-after-free crash in HTML parser
Description: The HTML parser incorrectly freed used memory when insufficient space was available to process remaining input. Under such circumstances, memory occupied by in-use objects was freed and could later be filled with attacker-controlled text. These conditions could result in the execution or arbitrary code if methods on the freed objects were subsequently called.
Credit: Alin Rad Pop of Secunia Research

MFSA 2010-02
Title: Web Worker Array Handling Heap Corruption Vulnerability
Description: Mozilla's implementation of Web Workers contained an error in its handling of array data types when processing posted messages. This error could be used by an attacker to corrupt heap memory and crash the browser, potentially running arbitrary code on a victim's computer.
Credit: Orlando Barrera II

MFSA 2010-01
Title: Crashes with evidence of memory corruption
Description: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.

Tags: Mozilla, Security, Firefox, Update, Firefox 3.0.18, Firefox 3.5.8
About the author: George Norman
George is a news editor.
You can follow him on Google+, Facebook or Twitter

I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 17 Aug 2017
With the blockbuster movie season upon us, Sony decided to celebrate the occasion with a sale: the Attack of the Blockbusters Sale that offers discounts of up to 50% (60% if you’re a PlayStation Plus member) on a ton of PS4 video games.
By George Norman on 17 Aug 2017
Samsung’s new T5 portable solid-state drive (PSSD) uses the latest 64-layer V-NAND technology, offers between 250GB and 2TB of storage capacity, has a lightweight and shock-resistant design that’s smaller than the average business card, and delivers industry-leading transfer speeds of up to 540 MB/s.
Related News
Sponsored Links
Hot Software Updates
Top Downloads
Become A Fan!
Link To Us!
Mozilla Plugs Critical Security Holes in Older Firefox Versions
HTML Linking Code