In association with heise online

28 October 2009, 09:48

Mozilla fixes critical bugs with Firefox 3.5.4 and 3.0.15

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Mozilla has closed six critical holes in Firefox 3.5 and five critical holes in Firefox 3.0 with the releases of Firefox 3.5.4 and 3.0.15. Three moderate and two low impact vulnerabilities were also fixed in 3.5.4 and 3.0.15.

An update to the media libraries for ogg file playback fixes memory safety issues which were exposed with the implementation on the <video> support in Firefox 3.5. Buffer overflows in Firefox's string to number conversion and GIF colour map parsing have also been fixed. Recursive calls to web workers, a feature introduced in Firefox 3.5, were found to be capable of causing a crash and this has been fixed in 3.5.4. A Privilege escalation issue found in Firefox's Chrome library has been closed. The critical holes also include crashes with memory corruption. It is Mozilla policy to mark these as critical.

According to the release notes, the update also adds the ability to resubmit crash reports and fixes a bug which forced reloading of SSL pages after clearing private data.

The update is now available from the Mozilla site or through Firefox's auto-update facility.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit