Mozilla Security Updates: Firefox 3.5.2 and Firefox 3.0.13
Article by George Norman
On 04 Aug 2009
The Mozilla Foundation, upon celebrating the fact that the Firefox browser has been downloaded more than 1 billion times since it was first launched, has now released updates for two versions of its browser, mainly Firefox 3.5.2 and Firefox 3.0.13. Just like Firefox 3.5.1 and Firefox 3.0.12, these updates are meant to address a few security vulnerabilities affecting the software – and most of them are critical.

Just to put things in perspective, Mozilla uses a 4-tier rating system for categorizing vulnerabilities: low, moderate, high and critical. A vulnerability is rated as critical only when a person with malicious intent can exploit it to run code and install software on a targeted machine, with no intervention from the targeted user whatsoever. The use just browses and he gets owned. The Firefox 3.5.2 update comes with fixes for a total of 4 critical vulnerabilities (plus one moderate and one low) while the Firefox 3.0.13 update comes with fixes for a total of 2 critical vulnerabilities (plus one moderate).

Advertising

Firefox Launch Coordinator, Samuel Sidler , comments: “As part of Mozilla’s ongoing stability and security update process, Firefox 3.5.2 and Firefox 3.0.13 are now available for Windows, Mac, and Linux as free downloads. We strongly recommend that all Firefox users upgrade to this latest release. If you already have Firefox 3.5 or Firefox 3, you will receive an automated update notification within 24 to 48 hours. This update can also be applied manually by selecting “Check for Updates…” from the Help menu.”

The security content of the Firefox 3.5.2 update (the bold ones are critical; click the link for additional details):

MFSA 2009-46 Chrome privilege escalation due to incorrectly cached wrapper
MFSA 2009-45 Crashes with evidence of memory corruption (rv:1.9.1.2/1.9.0.13)
MFSA 2009-44 Location bar and SSL indicator spoofing via window.open() on invalid URL
MFSA 2009-43 Heap overflow in certificate regexp parsing
MFSA 2009-42 Compromise of SSL-protected communication
MFSA 2009-38 Data corruption with SOCKS5 reply containing DNS name longer than 15 characters

The security content of the Firefox 3.0.13 update (the bold ones are critical; click the link for additional details):

MFSA 2009-44 Location bar and SSL indicator spoofing via window.open() on invalid URL
MFSA 2009-43 Heap overflow in certificate regexp parsing
MFSA 2009-42 Compromise of SSL-protected communication

On top of the security fixes, the Firefox 3.5.2 update comes with one additional new feature: images with ICC profiles are now properly displayed on all monitors.

If you would like to get Firefox 3.5.2, a download location is available here.
If you would like to get Firefox 3.0.13, a download location is available here.



Tags: Mozilla, Update, Security, Firefox 3.0.13, Firefox 3.5.2
About the author: George Norman
George is a news editor.
You can follow him on Google+, Facebook or Twitter

I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 17 Aug 2017
With the blockbuster movie season upon us, Sony decided to celebrate the occasion with a sale: the Attack of the Blockbusters Sale that offers discounts of up to 50% (60% if you’re a PlayStation Plus member) on a ton of PS4 video games.
By George Norman on 17 Aug 2017
Samsung’s new T5 portable solid-state drive (PSSD) uses the latest 64-layer V-NAND technology, offers between 250GB and 2TB of storage capacity, has a lightweight and shock-resistant design that’s smaller than the average business card, and delivers industry-leading transfer speeds of up to 540 MB/s.
Related News
By George Norman on 24 Jul 2017
As someone who has been using Firefox day-to-day for a very – VERY – long time, I’ve grown to know a lot about Mozilla’s web browser. As such, I thought it a good idea to share part of my knowledge with you and highlight 10 tips & tricks that I’m sure you’ll find very useful.
By George Norman on 14 Aug 2017
Firefox Send works with any modern web browser (not just Mozilla’s own), it lets you safely send files up to 1GB in size, and using it is a fairly simple process, as you can see in this how-to guide.
By George Norman on 02 Aug 2017
Voice Fill uses spoken language to enter queries into search engines. Notes is a built-in notepad that you can use to jot down ideas. And Send lets you send encrypted, self-destructing files over the internet.
By George Norman on 16 Jun 2017
When companies pick an official slogan or motto, they usually go with something they think will impress. Well, these aren't your regular slogans. These are snarky slogans thought up by a cranky a-hole.
Sponsored Links
Hot Software Updates
Top Downloads
Become A Fan!
Link To Us!
Mozilla Security Updates: Firefox 3.5.2 and Firefox 3.0.13
HTML Linking Code