FireFox 3.0.2 Released – 11 Bugs Fixed – Update Today!

The latest update of FireFox version 3.0.2 now available for download includes patches for 11 security deficiencies, many of them rated as critical by Mozilla Corporation.

If you are still using FireFox version 2, then you need to update this version as well, since the latest release of this version includes 14 patches. A number of patches in version 2 are exclusive to this specific version.

Frankly, if you are still using version 2 you need to take the plunge and update to version 3 now. There is no guarantee that Mozilla will continue to offer support for version 2.

A number of the vulnerabilities in version 3 were serious, and included stability issues related to graphics rendering, layout and JavaScript engines. Each has the potential to cause browser crashes could potentially leave the user open to exploitation by malicious code.

The latest FireFox security advisory lists the following vulnerabilities as having been patched.

MFSA 2008-42: Critical

Titled “Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17)”–Mozilla says under certain circumstances memory corruption could be exploited to run arbitrary code.

MFSA 2008-41: Critical

Titled “Privilege escalation via XPCnativeWrapper pollution”–Mozilla says this fix includes “a series of vulnerabilities which can pollute XPCNativeWrappers and allow arbitrary code run with chrome privileges.”

MFSA 2008-39: Critical

Titled “Privilege escalation using feed preview page and XSS flaw”–Mozilla says this fixes “a series of vulnerabilities in feedWriter which allow scripts from page content to run with chrome privileges.”

MFSA 2008-37: Critical

Titled “UTF-8 URL stack buffer overflow”–Mozilla says “a specially crafted UTF-8 URL in a hyperlink…could overflow a stack buffer and allow an attacker to execute arbitrary code.

MFSA 2008-38: High

Titled “nsXMLDocument::OnChannelRedirect() same-origin violation”–Mozilla says the same-origin check in nsXMLDocument::OnChannelRedirect() could be bypassed and could be used to execute JavaScript in the context of a different Web site.

MFSA 2008-43: Moderate

Titled “BOM characters stripped from JavaScript before execution”–Mozilla says certain BOM characters are stripped from JavaScript code before it is executed and could lead to code being executed.

MFSA 2008-44: Moderate

Titled “resource: traversal vulnerabilities”–Mozilla says the restrictions imposed on local HTML files could be bypassed using the resource: protocol, allowing an attacker to read information about the system and prompt the victim to save the information in a file.

MFSA 2008-40: Low

Titled “Forced mouse drag”–Mozilla says the vulnerability allows an attacker to move the content window while the mouse is being clicked, causing an item to be dragged rather than clicked-on possibly forcing a user to download a file or perform other drag-and-drop actions.

MFSA 2008-45: Low

Titled “XBM image uninitialized memory reading”–Mozilla says a bug in the XBM decoder allowed random small chunks of uninitialized memory to be read.

It is highly recommended that you update immediately on the Mozilla site, or by clicking on Help – Check for Updates in FireFox.

About these ads

1 Comment

Filed under Browsers, Firefox, Freeware, Geek Software and Tools, Interconnectivity, Internet Safety, Internet Safety Tools, Online Safety, Software, Windows Tips and Tools

One response to “FireFox 3.0.2 Released – 11 Bugs Fixed – Update Today!

  1. g

    correction: version 3.03 out today! more bug fixes.