28 October 2009, 10:48

Mozilla fixes critical bugs with Firefox 3.5.4 and 3.0.15

Mozilla has closed six critical holes in Firefox 3.5 and five critical holes in Firefox 3.0 with the releases of Firefox 3.5.4 and 3.0.15. Three moderate and two low impact vulnerabilities were also fixed in 3.5.4 and 3.0.15.

An update to the media libraries for ogg file playback fixes memory safety issues which were exposed with the implementation on the <video> support in Firefox 3.5. Buffer overflows in Firefox's string to number conversion and GIF colour map parsing have also been fixed. Recursive calls to web workers, a feature introduced in Firefox 3.5, were found to be capable of causing a crash and this has been fixed in 3.5.4. A Privilege escalation issue found in Firefox's Chrome library has been closed. The critical holes also include crashes with memory corruption. It is Mozilla policy to mark these as critical.

According to the release notes, the update also adds the ability to resubmit crash reports and fixes a bug which forced reloading of SSL pages after clearing private data.

The update is now available from the Mozilla site or through Firefox's auto-update facility.

Mozilla fixes critical bugs with Firefox 3.5.4 and 3.0.15

Happenings: FOSS at CeBIT 2010

Of Android and the Fear of Fragmentation

Kernel Log: Stable kernels analysed, Linux without firmware, new graphics drivers

Tracking down malware

Health Check: Mandriva

Kernel Log: Linux 2.6.34 goes into testing

The H Update Check

SSL for free - step by step

Testing email with encryption

Shortened-breaks

The H Security Conficker information site

What's new in Linux 2.6.33

Health Check: FreeBSD - "The unknown giant"

New life for dead software

Price Insight Top 10

The H

The H open source

The H Security

The H Internet Toolkit