Mozilla Updates Firefox and Thunderbird, Plugs Critical Vulnerabilities
Article by George Norman
On 07 Apr 2010
The Mozilla Foundation has updated all versions of its Firefox web browser – this means Firefox 3.0, Firefox 3.5 and the latest and greatest, Firefox 3.6.

Firefox 3.0 has been updated to version 3.0.19. The update, as Mozilla said, is meant to fix several stability issues and address several security problems. To be more precise, Firefox 3.0.19 comes with fixes for a total of 6 security advisories – all but one carry the critical rating. The security advisories in question are:
  • MFSA 2010-21 - Arbitrary code execution with Firebug XMLHttpRequestSpy
  • MFSA 2010-20 - Chrome privilege escalation via forced URL drag and drop
  • MFSA 2010-19 - Dangling pointer vulnerability in nsPluginArray
  • MFSA 2010-18 - Dangling pointer vulnerability in nsTreeContentView
  • MFSA 2010-17 - Remote code execution with use-after-free in nsTreeSelection
  • MFSA 2010-16 - Crashes with evidence of memory corruption

Firefox 3.5 has been updated to version 3.5.9. This update is also meant to fix several stability issues and address several security problems. Firefox 3.5.9 comes with fixes for 8 security advisories – 5 critical, 3 low. These security advisories are:
  • MFSA 2010-24 XMLDocument::load() doesn't check nsIContentPolicy
  • MFSA 2010-23 Image src redirect to mailto: URL opens email editor
  • MFSA 2010-22 Update NSS to support TLS renegotiation indication
  • MFSA 2010-20 Chrome privilege escalation via forced URL drag and drop
  • MFSA 2010-19 Dangling pointer vulnerability in nsPluginArray
  • MFSA 2010-18 Dangling pointer vulnerability in nsTreeContentView
  • MFSA 2010-17 Remote code execution with use-after-free in nsTreeSelection
  • MFSA 2010-16 Crashes with evidence of memory corruption

Please note that Firefox 3.0.19 and 3.5.9 are the last planned security and stability updates Mozilla will release for these browser versions. Users are strongly urged to upgrade to Firefox 3.6.

Speaking of which, Firefox 3.6 has been updated to version 3.6.3 – the update is meant to fix a critical security issue that, if exploited by a person with malicious intent, could lead to remote code execution. It is all detailed in security advisory MFSA 2009-25:
MFSA 2009-25
Title: Re-use of freed object due to scope confusion
Impact: Critical
Description: A memory corruption flaw leading to code execution was reported by security researcher Nils of MWR InfoSecurity during the 2010 Pwn2Own contest sponsored by TippingPoint's Zero Day Initiative. By moving DOM nodes between documents Nils found a case where the moved node incorrectly retained its old scope. If garbage collection could be triggered at the right time then Firefox would later use this freed object.
Credit: Nils of MWR InfoSecurity.


If you would like to get Firefox 3.6.3, you can download it straight from Mozilla here.

The Mozilla Foundation has also updated Thunderbird to version 3.0.4. The update comes with several fixes for the user interface and several stability and security fixes. The security advisories attached to Thunderbird 3.0.4 are:
  • MFSA 2010-24 XMLDocument::load() doesn't check nsIContentPolicy
  • MFSA 2010-22 Update NSS to support TLS renegotiation indication
  • MFSA 2010-18 Dangling pointer vulnerability in nsTreeContentView
  • MFSA 2010-17 Remote code execution with use-after-free in nsTreeSelection
  • MFSA 2010-16 Crashes with evidence of memory corruption

If you would like to get Thunderbird 3.0.4, you can download it straight from Mozilla here.



Tags: Mozilla, Firefox, Thunderbird, Security, Update