Mozilla fixes critical bugs with Firefox 3.5.4 and 3.0.15
Mozilla has closed six critical holes in Firefox 3.5 and five critical holes in Firefox 3.0 with the releases of Firefox 3.5.4 and 3.0.15. Three moderate and two low impact vulnerabilities were also fixed in 3.5.4 and 3.0.15.
An update to the media libraries for ogg file playback fixes memory safety issues which were exposed with the implementation on the
<video> support in Firefox 3.5. Buffer overflows in Firefox's string to number conversion and GIF colour map parsing have also been fixed. Recursive calls to web workers, a feature introduced in Firefox 3.5, were found to be capable of causing a crash and this has been fixed in 3.5.4. A Privilege escalation issue found in Firefox's Chrome library has been closed. The critical holes also include crashes with memory corruption. It is Mozilla policy to mark these as critical.
The update is now available from the Mozilla site or through Firefox's auto-update facility.
- Security Advisories for Firefox 3.5
- Security Advisories for Firefox 3.0
- Firefox 3.5.4 Release Notes
- Firefox 3.0.15 Release Notes