Mozilla Updates Firefox 3.5 as Well, Fixes Multiple Security Issues
The Mozilla Foundation kicked off the spring of 2011 with security and stability updates for two versions of its Firefox browser. On March 1st, the Mozilla Foundation updated Firefox 3.6 to version 3.6.14; the update is meant to fix multiple security issues (see here). The Mozilla Foundation updated Firefox 3.5 as well, to version 3.5.17. This update is meant to fix multiple security issues as well.
For security reasons you are well advised to update to Firefox 3.5.17. You can update by downloading Firefox 3.5.17 from here, or by manually triggering an update by clicking Help -> Check for updates, or by clicking update when presented with the automated update prompt.
Why are you well advised to get the latest update? Simply because Firefox 3.5.17 is accompanied by 10 security advisories and out of them all 8 carry the critical rating. Out of the remaining 2 advisories, 1 is moderate and 1 is high. In case you didn’t already know this, when a vulnerability is rated as critical it means that with no user interaction beyond normal browsing, an attacker could run code and install software on a targeted machine.
Mozilla provided the following details on the 8 security advisories that carry the critical rating:
Title: MFSA 2011-07 Memory corruption during text run construction (Windows)
Description: When very long strings were constructed and inserted into an HTML document, the browser would incorrectly construct the layout objects used to display the text. Under such conditions an incorrect length would be calculated for a text run resulting in too small of a memory buffer being allocated to store the text. This issue could be used by an attacker to write data past the end of the buffer and execute malicious code on a victim's computer.
Affected software: Firefox, SeaMonkey.
Credit: Alex Miller.
Title: MFSA 2011-06 Use-after-free error using Web Workers
Description: a JavaScript Worker could be used to keep a reference to an object that could be freed during garbage collection. Subsequent calls through this deleted reference could cause attacker-controlled memory to be executed on a victim's computer.
Affected software: Firefox, SeaMonkey.
Credit: Daniel Kozlowski.
Title: MFSA 2011-05 Buffer overflow in JavaScript atom map
Description: The JavaScript engine's internal mapping of string values contained an error in cases where the number of values being stored was above 64K. In such cases an offset pointer was manually moved forwards and backwards to access the larger address space. If an exception was thrown between the time that the offset pointer was moved forward and the time it was reset, then the exception object would be read from an invalid memory address, potentially executing attacker-controlled memory.
Affected software: Firefox, SeaMonkey.
Credit: Christian Holler.
Title: MFSA 2011-04 Buffer overflow in JavaScript upvarMap
Description: The JavaScript engine's internal memory mapping of non-local JS variables contained a buffer overflow which could potentially be used by an attacker to run arbitrary code on a victim's computer.
Affected software: Firefox, SeaMonkey.
Credit: Christian Holler.
Title: MFSA 2011-03 Use-after-free error in JSON.stringify
Description: A method used by JSON.stringify contained a use-after-free error in which a currently in-use pointer was freed and subsequently dereferenced. This could lead to arbitrary code execution if an attacker was able to store malicious code in the freed section of memory.
Affected software: Firefox, SeaMonkey.
Credit: regenrecht, Igor Bukanov.
Title: MFSA 2011-02 Recursive eval call causes confirm dialogs to evaluate to true
Description: A recursive call to eval() wrapped in a try/catch statement places the browser into a inconsistent state. Any dialog box opened in this state is displayed without text and with non-functioning buttons. Closing the window causes the dialog to evaluate to true. An attacker could use this issue to force a user into accepting any dialog, such as one granting elevated privileges to the page presenting the dialog.
Affected software: Firefox, SeaMonkey.
Credit: Zach Hoffman.
Title: MFSA 2011-01 Miscellaneous memory safety hazards (rv:1.9.2.14/ 1.9.1.17)
Description: Several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.
Affected software: Firefox, Thunderbird, SeaMonkey.
Credit: Mozilla developers and community.
Title: MFSA 2010-74 CVE-2010-3777 was fixed in Firefox 3.5.17
Description: Several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.
Affected software: Firefox, Thunderbird, SeaMonkey
Credit: Mozilla developers and community.
For additional information on the security advisories that accompany Firefox 3.5.17 click here.
If you would like to get Firefox 3.5.17, here’s the download link again. Release notes here.
For security reasons you are well advised to update to Firefox 3.5.17. You can update by downloading Firefox 3.5.17 from here, or by manually triggering an update by clicking Help -> Check for updates, or by clicking update when presented with the automated update prompt.
Why are you well advised to get the latest update? Simply because Firefox 3.5.17 is accompanied by 10 security advisories and out of them all 8 carry the critical rating. Out of the remaining 2 advisories, 1 is moderate and 1 is high. In case you didn’t already know this, when a vulnerability is rated as critical it means that with no user interaction beyond normal browsing, an attacker could run code and install software on a targeted machine.
Mozilla provided the following details on the 8 security advisories that carry the critical rating:
Title: MFSA 2011-07 Memory corruption during text run construction (Windows)
Description: When very long strings were constructed and inserted into an HTML document, the browser would incorrectly construct the layout objects used to display the text. Under such conditions an incorrect length would be calculated for a text run resulting in too small of a memory buffer being allocated to store the text. This issue could be used by an attacker to write data past the end of the buffer and execute malicious code on a victim's computer.
Affected software: Firefox, SeaMonkey.
Credit: Alex Miller.
Title: MFSA 2011-06 Use-after-free error using Web Workers
Description: a JavaScript Worker could be used to keep a reference to an object that could be freed during garbage collection. Subsequent calls through this deleted reference could cause attacker-controlled memory to be executed on a victim's computer.
Affected software: Firefox, SeaMonkey.
Credit: Daniel Kozlowski.
Title: MFSA 2011-05 Buffer overflow in JavaScript atom map
Description: The JavaScript engine's internal mapping of string values contained an error in cases where the number of values being stored was above 64K. In such cases an offset pointer was manually moved forwards and backwards to access the larger address space. If an exception was thrown between the time that the offset pointer was moved forward and the time it was reset, then the exception object would be read from an invalid memory address, potentially executing attacker-controlled memory.
Affected software: Firefox, SeaMonkey.
Credit: Christian Holler.
Title: MFSA 2011-04 Buffer overflow in JavaScript upvarMap
Description: The JavaScript engine's internal memory mapping of non-local JS variables contained a buffer overflow which could potentially be used by an attacker to run arbitrary code on a victim's computer.
Affected software: Firefox, SeaMonkey.
Credit: Christian Holler.
Title: MFSA 2011-03 Use-after-free error in JSON.stringify
Description: A method used by JSON.stringify contained a use-after-free error in which a currently in-use pointer was freed and subsequently dereferenced. This could lead to arbitrary code execution if an attacker was able to store malicious code in the freed section of memory.
Affected software: Firefox, SeaMonkey.
Credit: regenrecht, Igor Bukanov.
Title: MFSA 2011-02 Recursive eval call causes confirm dialogs to evaluate to true
Description: A recursive call to eval() wrapped in a try/catch statement places the browser into a inconsistent state. Any dialog box opened in this state is displayed without text and with non-functioning buttons. Closing the window causes the dialog to evaluate to true. An attacker could use this issue to force a user into accepting any dialog, such as one granting elevated privileges to the page presenting the dialog.
Affected software: Firefox, SeaMonkey.
Credit: Zach Hoffman.
Title: MFSA 2011-01 Miscellaneous memory safety hazards (rv:1.9.2.14/ 1.9.1.17)
Description: Several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.
Affected software: Firefox, Thunderbird, SeaMonkey.
Credit: Mozilla developers and community.
Title: MFSA 2010-74 CVE-2010-3777 was fixed in Firefox 3.5.17
Description: Several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.
Affected software: Firefox, Thunderbird, SeaMonkey
Credit: Mozilla developers and community.
For additional information on the security advisories that accompany Firefox 3.5.17 click here.
If you would like to get Firefox 3.5.17, here’s the download link again. Release notes here.
