Mozilla addresses critical bugs with Firefox updates
The Mozilla developers have announced the release of versions 3.5.8 and 3.0.18 of their open source Firefox web browser. In addition to the usual bug fixes and stability improvements, the updates address a total of five vulnerabilities, three of them rated critical.
The critical security problems relate to the Gecko web rendering engine used in Firefox and other Mozilla-based products, the HTML parsers and the Web Worker Array. According to Mozilla, all three of the critical vulnerabilities could lead to a crash, possibly leading to memory corruption and the execution of arbitrary code.
Two moderate vulnerabilities were also patched that could have been exploited in cross-site scripting (XSS) attacks. The developers note that Firefox 3.6 already fixed the above vulnerabilities and does not need to be updated. All users are encouraged to update their browsers as soon as possible.
Mozilla has also released a maintenance and security update to its SeaMonkey "all-in-one internet application suite", version 2.0.3, to correct bugs and address the above vulnerabilities. According to the Security Advisories, Thunderbird 3.0.2 will address the same security issues; however, it has yet to be released at the time of this writing.
More details about the Firefox updates can be found in the 3.5.8 and 3.0.18 release notes. Firefox 3.5.8 and 3.0.18 are available to download for Windows, Mac OS X and Linux. Users who already have Firefox 3.5.x or 3.0.x installed should receive an automatic update within 24 to 48 hours. Firefox binaries are released under the Mozilla Firefox End-User Software License Agreement and the source code is released under disjunctive tri-licensing that includes the Mozilla Public Licence, GPLv2 and LGPLv2.1.
- Mozilla Foundation Security Advisories, security advisories from Mozilla.
- In future Firefox will drop Mac OS X 10.4 Tiger support, a report from The H.
- Mozilla officially releases Firefox 3.6, a report from The H.