Mozilla Security Updates: Firefox 3.5.2 and Firefox 3.0.13
The Mozilla Foundation, upon celebrating the fact that the Firefox browser has been downloaded more than 1 billion times since it was first launched, has now released updates for two versions of its browser, mainly Firefox 3.5.2 and Firefox 3.0.13. Just like Firefox 3.5.1 and Firefox 3.0.12, these updates are meant to address a few security vulnerabilities affecting the software – and most of them are critical.
Just to put things in perspective, Mozilla uses a 4-tier rating system for categorizing vulnerabilities: low, moderate, high and critical. A vulnerability is rated as critical only when a person with malicious intent can exploit it to run code and install software on a targeted machine, with no intervention from the targeted user whatsoever. The use just browses and he gets owned. The Firefox 3.5.2 update comes with fixes for a total of 4 critical vulnerabilities (plus one moderate and one low) while the Firefox 3.0.13 update comes with fixes for a total of 2 critical vulnerabilities (plus one moderate).
Firefox Launch Coordinator, Samuel Sidler , comments: “As part of Mozilla’s ongoing stability and security update process, Firefox 3.5.2 and Firefox 3.0.13 are now available for Windows, Mac, and Linux as free downloads. We strongly recommend that all Firefox users upgrade to this latest release. If you already have Firefox 3.5 or Firefox 3, you will receive an automated update notification within 24 to 48 hours. This update can also be applied manually by selecting “Check for Updates…” from the Help menu.”
The security content of the Firefox 3.5.2 update (the bold ones are critical; click the link for additional details):
MFSA 2009-46 Chrome privilege escalation due to incorrectly cached wrapper
MFSA 2009-45 Crashes with evidence of memory corruption (rv:1.9.1.2/1.9.0.13)
MFSA 2009-44 Location bar and SSL indicator spoofing via window.open() on invalid URL
MFSA 2009-43 Heap overflow in certificate regexp parsing
MFSA 2009-42 Compromise of SSL-protected communication
MFSA 2009-38 Data corruption with SOCKS5 reply containing DNS name longer than 15 characters
The security content of the Firefox 3.0.13 update (the bold ones are critical; click the link for additional details):
MFSA 2009-44 Location bar and SSL indicator spoofing via window.open() on invalid URL
MFSA 2009-43 Heap overflow in certificate regexp parsing
MFSA 2009-42 Compromise of SSL-protected communication
On top of the security fixes, the Firefox 3.5.2 update comes with one additional new feature: images with ICC profiles are now properly displayed on all monitors.
If you would like to get Firefox 3.5.2, a download location is available here.
If you would like to get Firefox 3.0.13, a download location is available here.
Tags: Mozilla, Update, Security, Firefox 3.0.13, Firefox 3.5.2
Just to put things in perspective, Mozilla uses a 4-tier rating system for categorizing vulnerabilities: low, moderate, high and critical. A vulnerability is rated as critical only when a person with malicious intent can exploit it to run code and install software on a targeted machine, with no intervention from the targeted user whatsoever. The use just browses and he gets owned. The Firefox 3.5.2 update comes with fixes for a total of 4 critical vulnerabilities (plus one moderate and one low) while the Firefox 3.0.13 update comes with fixes for a total of 2 critical vulnerabilities (plus one moderate).
Advertising
Firefox Launch Coordinator, Samuel Sidler , comments: “As part of Mozilla’s ongoing stability and security update process, Firefox 3.5.2 and Firefox 3.0.13 are now available for Windows, Mac, and Linux as free downloads. We strongly recommend that all Firefox users upgrade to this latest release. If you already have Firefox 3.5 or Firefox 3, you will receive an automated update notification within 24 to 48 hours. This update can also be applied manually by selecting “Check for Updates…” from the Help menu.”
The security content of the Firefox 3.5.2 update (the bold ones are critical; click the link for additional details):
MFSA 2009-46 Chrome privilege escalation due to incorrectly cached wrapper
MFSA 2009-45 Crashes with evidence of memory corruption (rv:1.9.1.2/1.9.0.13)
MFSA 2009-44 Location bar and SSL indicator spoofing via window.open() on invalid URL
MFSA 2009-43 Heap overflow in certificate regexp parsing
MFSA 2009-42 Compromise of SSL-protected communication
MFSA 2009-38 Data corruption with SOCKS5 reply containing DNS name longer than 15 characters
The security content of the Firefox 3.0.13 update (the bold ones are critical; click the link for additional details):
MFSA 2009-44 Location bar and SSL indicator spoofing via window.open() on invalid URL
MFSA 2009-43 Heap overflow in certificate regexp parsing
MFSA 2009-42 Compromise of SSL-protected communication
On top of the security fixes, the Firefox 3.5.2 update comes with one additional new feature: images with ICC profiles are now properly displayed on all monitors.
If you would like to get Firefox 3.5.2, a download location is available here.
If you would like to get Firefox 3.0.13, a download location is available here.
Tags: Mozilla, Update, Security, Firefox 3.0.13, Firefox 3.5.2
I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 10 Feb 2012
With the release of Wolfram|Alpha Pro, the team behind the popular computational knowledge engine took a very big step forward
By George Norman on 10 Feb 2012
Microsoft has just announced that this February, as part of the Patch Tuesday program, it will roll out a grand total of 9 security bulletins to all customers all over the world.Related News
By George Norman on 28 Sep 2011
Great news for fans of properly good web browsers: the latest version of the Firefox browser to be released to the public is v 7.0
By George Norman on 05 Jan 2012
This is proof that there are a lot of threats on the web and the perfect example of why you should use a properly good security solution to secure your data against viruses and other malware
By George Norman on 08 Nov 2011
The Mozilla Foundation, the non-profit organization behind the Firefox web browser, set Nobember 8th as the release date for the final version of Firefox 8. This means that every user out there will be able to get version 8.0
By George Norman on 17 Nov 2011
We all know that the internet is a dangerous place. There are all sorts of nasties out there, from viruses and worms to scammers and cyber criminals. As a parent, it is your task to make sure that your children stay safe online. This means you have toAdvertising
Hot Software Updates
Top Downloads
2.
Opera5.
Trillian8.
AIM9.
Skype10.
Ad-Aware12.
Nero13.
Google Earth14.
Picasa15.
Winamp16.
iTunes17.
RealPlayer18.
uTorrent19.
eMule20.
WinRAR21.
BitComet22.
WinZip23.
Shareaza24.
CCleaner25.
Recuva26.
Tweak UI27.
CuteFTP Home29.
Adobe Reader30.
NewsPiperBecome A Fan!
Link To Us!
Mozilla Security Updates: Firefox 3.5.2 and Firefox 3.0.13
HTML Linking Code
HTML Linking Code