Firefox 3.0.2 eliminates security holes
One critical bug related to crashes in the browser which showed signs of memory corruption, leading the developers to suspect there may be a possibility of arbitrary code execution. The other critical issue was a corruption of the wrapper code which could allow an attacker to run code with the privileges of the browser, and in effect, those of the user.
Two other vulnerabilities were classed as moderate; a directory traversal issue with
One low class issue was also resolved. This involved a technique which moved the content window as a user clicked on something in the window, turning the operation from a click into a drag and drop. This could potentially be used to trick users into downloading files.
Firefox 3.0.2 is already available via automatic update and to download on the Firefox site. The new release also contains a number of bug fixes for stability and layout, and updates to some international languages supported. Also fixed is an issue where the back and forward buttons could disappear from the toolbar.