Mozilla Plugs Critical Security Holes in Older Firefox Versions
Personally I am the kind of user that immediately jumped on board when the final version of Firefox 3.6 was released late last month. If you’re like me, then you need to relax. Your browser is safe. But if you’re using Firefox 3.0 or Firefox 3.5 then you need to get the latest updates: Firefox 3.0.18 and Firefox 3.5.8.
The updates have been rolled out by Mozilla as part of its “ongoing security and stability update process.” You should receive an automated update prompt in the next day or so. If you just can’t wait, then you can always manually check for updates. Simply click the Help menu -> then hit Check for Updates.
Why would you want to update? As the release notes say (Firefox 3.0.18 here; Firefox 3.5.8 here), the update makes the browser a more stable and safer platform. For example Firefox 3.5.8 includes 5 security advisories out of which 3 carry the “critical” rating. The bulletins in question are:
MFSA 2010-03
Title: Use-after-free crash in HTML parser
Description: The HTML parser incorrectly freed used memory when insufficient space was available to process remaining input. Under such circumstances, memory occupied by in-use objects was freed and could later be filled with attacker-controlled text. These conditions could result in the execution or arbitrary code if methods on the freed objects were subsequently called.
Credit: Alin Rad Pop of Secunia Research
MFSA 2010-02
Title: Web Worker Array Handling Heap Corruption Vulnerability
Description: Mozilla's implementation of Web Workers contained an error in its handling of array data types when processing posted messages. This error could be used by an attacker to corrupt heap memory and crash the browser, potentially running arbitrary code on a victim's computer.
Credit: Orlando Barrera II
MFSA 2010-01
Title: Crashes with evidence of memory corruption
Description: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.
Tags: Mozilla, Security, Firefox, Update, Firefox 3.0.18, Firefox 3.5.8
The updates have been rolled out by Mozilla as part of its “ongoing security and stability update process.” You should receive an automated update prompt in the next day or so. If you just can’t wait, then you can always manually check for updates. Simply click the Help menu -> then hit Check for Updates.
Advertising
Why would you want to update? As the release notes say (Firefox 3.0.18 here; Firefox 3.5.8 here), the update makes the browser a more stable and safer platform. For example Firefox 3.5.8 includes 5 security advisories out of which 3 carry the “critical” rating. The bulletins in question are:
MFSA 2010-03
Title: Use-after-free crash in HTML parser
Description: The HTML parser incorrectly freed used memory when insufficient space was available to process remaining input. Under such circumstances, memory occupied by in-use objects was freed and could later be filled with attacker-controlled text. These conditions could result in the execution or arbitrary code if methods on the freed objects were subsequently called.
Credit: Alin Rad Pop of Secunia Research
MFSA 2010-02
Title: Web Worker Array Handling Heap Corruption Vulnerability
Description: Mozilla's implementation of Web Workers contained an error in its handling of array data types when processing posted messages. This error could be used by an attacker to corrupt heap memory and crash the browser, potentially running arbitrary code on a victim's computer.
Credit: Orlando Barrera II
MFSA 2010-01
Title: Crashes with evidence of memory corruption
Description: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.
Tags: Mozilla, Security, Firefox, Update, Firefox 3.0.18, Firefox 3.5.8
I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 28 May 2012
Mozilla introduced a new program meant to educate millions of people, the Mozilla Webmaker program.
By George Norman on 26 May 2012
Piriform updated its products, making CCleaner less annoying and Defraggler a lot faster.Related News
By George Norman on 23 Apr 2012
Even though the Mozilla Foundation has not officially released the final version of Firefox 12 to the masses, Firefox v. 12.0 final is already out there and available for download
By George Norman on 02 Feb 2012
Version 10.0 of the very popular Firefox web browser has been released to the web. This new version comes with a
By George Norman on 27 Jan 2012
We all start the year with resolutions, such as “this year I’m going to more carefully watch what I eat”, or “this year I will try to be less stressed”. Most times we discard these resolutions just as easily as 
By George Norman on 01 Mar 2012
It is never a good idea to reuse passwords and an especially bad one to use the same password for all your accounts. It’s a bad idea because if one account is compromised, all the accounts protectedAdvertising
Hot Software Updates
Top Downloads
2.
Opera5.
Trillian8.
AIM9.
Skype10.
Ad-Aware12.
Nero13.
Google Earth14.
Picasa15.
Winamp16.
iTunes17.
RealPlayer18.
uTorrent19.
eMule20.
WinRAR21.
BitComet22.
WinZip23.
Shareaza24.
CCleaner25.
Recuva26.
Tweak UI27.
CuteFTP Home29.
Adobe Reader30.
NewsPiperBecome A Fan!
Link To Us!
Mozilla Plugs Critical Security Holes in Older Firefox Versions
HTML Linking Code
HTML Linking Code