In association with heise online

05 March 2009, 12:11

Firefox 3.0.7 fixes vulnerabilities

Mozilla has released Firefox 3.0.7, fixing three critical security vulnerabilities in the open source web browser. The release fixes several memory safety hazards found in the PNG libraries which could be used by a malicious website to crash a user's browser and possibly execute arbitrary code. The upgraded libpng in version 3.0.7 fixes these flaws.

A vulnerability in Mozilla's garbage collection process, caused by improper memory management of a set of cloned XUL DOM elements which were linked as parent and child, has been fixed. The browser would crash after reloading a page with such linked elements, as it attempted to access an object that was already destroyed. An attacker could use this crash to run arbitrary code on the victim's computer.

The browser engine used in Firefox (and other Mozilla-based products such as Thunderbird and SeaMonkey) has been updated to fix several stability bugs that can cause crashes and memory corruption, possibly allowing arbitrary code to be run.

A high risk vulnerability that allowed a website to use nsIRDFService and a cross-domain redirect to steal arbitrary XML data from another domain, in violation of the same-origin policy, has been fixed. This vulnerability could be used by a malicious website to steal private data from users authenticated to the redirected website.
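
The class of flaw described above, modelled as an added example that is not Mozilla's code: it assumes the same-origin check was applied to the requested URL but not to the redirect target, a detail the article does not spell out. The loader functions, the redirect table and the hostnames are constructed for illustration.

```javascript
// Constructed redirect table: requested URL -> Location it redirects to.
const REDIRECTS = new Map([
  ["https://site-a.example/feed.rdf", "https://site-b.example/private.xml"],
  ["https://site-a.example/old.rdf", "https://site-a.example/new.rdf"],
]);

const originOf = (url) => new URL(url).origin;

// Follow redirects and return every URL visited, in order.
function resolveChain(startUrl, maxHops = 5) {
  const chain = [startUrl];
  while (REDIRECTS.has(chain[chain.length - 1])) {
    if (chain.length > maxHops) throw new Error("too many redirects");
    chain.push(REDIRECTS.get(chain[chain.length - 1]));
  }
  return chain;
}

// Flawed: the same-origin check runs once, on the URL the page asked for.
function loadCheckingRequestOnly(pageUrl, requestedUrl) {
  if (originOf(pageUrl) !== originOf(requestedUrl)) {
    return { allowed: false, blockedAt: requestedUrl };
  }
  const chain = resolveChain(requestedUrl);
  return { allowed: true, finalUrl: chain[chain.length - 1] };
}

// Corrected: every hop, including the final target, must match the page's origin.
function loadCheckingEveryHop(pageUrl, requestedUrl) {
  const pageOrigin = originOf(pageUrl);
  const chain = resolveChain(requestedUrl);
  const bad = chain.find((hop) => originOf(hop) !== pageOrigin);
  if (bad) return { allowed: false, blockedAt: bad };
  return { allowed: true, finalUrl: chain[chain.length - 1] };
}

const page = "https://site-a.example/index.html";
console.log(loadCheckingRequestOnly(page, "https://site-a.example/feed.rdf"));
console.log(loadCheckingEveryHop(page, "https://site-a.example/feed.rdf"));
```

The first call reports the cross-domain document as loaded; the second blocks it at the redirect target while still allowing redirects that stay on the page's own origin.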

The update also includes several stability fixes and other bug fixes. More details about the update and fixes can be found in the release notes.

Firefox 3.0.7 is available to download, or Firefox users can use the Firefox update service by selecting Help, then Check For Updates.
