Mozilla Security Updates: Firefox 3.5.2 and Firefox 3.0.13

Article by George Norman (Cybersecurity Editor)

on 04 Aug 2009

The Mozilla Foundation, having just celebrated the fact that the Firefox browser has been downloaded more than 1 billion times since it was first launched, has now released updates for two versions of its browser, namely Firefox 3.5.2 and Firefox 3.0.13. Just like Firefox 3.5.1 and Firefox 3.0.12, these updates are meant to address a few security vulnerabilities affecting the software, and most of them are critical.

Just to put things in perspective, Mozilla uses a 4-tier rating system for categorizing vulnerabilities: low, moderate, high and critical. A vulnerability is rated as critical only when a person with malicious intent can exploit it to run code and install software on a targeted machine, with no intervention from the targeted user whatsoever. The user just browses and gets owned. The Firefox 3.5.2 update comes with fixes for a total of 4 critical vulnerabilities (plus one moderate and one low), while the Firefox 3.0.13 update comes with fixes for a total of 2 critical vulnerabilities (plus one moderate).

Firefox Launch Coordinator Samuel Sidler comments: “As part of Mozilla’s ongoing stability and security update process, Firefox 3.5.2 and Firefox 3.0.13 are now available for Windows, Mac, and Linux as free downloads. We strongly recommend that all Firefox users upgrade to this latest release. If you already have Firefox 3.5 or Firefox 3, you will receive an automated update notification within 24 to 48 hours. This update can also be applied manually by selecting “Check for Updates…” from the Help menu.”

The security content of the Firefox 3.5.2 update (the bold ones are critical; click the link for additional details):

MFSA 2009-46 Chrome privilege escalation due to incorrectly cached wrapper
MFSA 2009-45 Crashes with evidence of memory corruption (rv:1.9.1.2/1.9.0.13)
MFSA 2009-44 Location bar and SSL indicator spoofing via window.open() on invalid URL
MFSA 2009-43 Heap overflow in certificate regexp parsing
MFSA 2009-42 Compromise of SSL-protected communication
MFSA 2009-38 Data corruption with SOCKS5 reply containing DNS name longer than 15 characters

The security content of the Firefox 3.0.13 update (the bold ones are critical; click the link for additional details):

MFSA 2009-44 Location bar and SSL indicator spoofing via window.open() on invalid URL
MFSA 2009-43 Heap overflow in certificate regexp parsing
MFSA 2009-42 Compromise of SSL-protected communication

On top of the security fixes, the Firefox 3.5.2 update comes with one additional new feature: images with ICC profiles are now properly displayed on all monitors.

If you would like to get Firefox 3.5.2, a download location is available here.
If you would like to get Firefox 3.0.13, a download location is available here.

