Avoid Drive-by Downloads – Update Firefox to Version 3.5.4 Now

firefox If you don’t have Firefox’s automatic update feature turned on, then you need to update your version immediately to Version 3.5.4.

Reports indicate that previous versions are subject to 11 critical security issues, including the risk of drive-by downloads. Drive-by downloads can include the installation of spyware, a virus, or other nasties, which can take place by simply visiting a web site, opening an e-mail, or by dealing with a popup.

According to Mozilla the following security issues have been dealt with in the release of Version 3.5.4.

MFSA 2009-64 Crashes with evidence of memory corruption (rv:1.9.1.4/ 1.9.0.15)
MFSA 2009-63 Upgrade media libraries to fix memory safety bugs
MFSA 2009-62 Download filename spoofing with RTL override
MFSA 2009-61 Cross-origin data theft through document.getSelection()
MFSA 2009-59 Heap buffer overflow in string to number conversion
MFSA 2009-57 Chrome privilege escalation in XPCVariant::VariantDataToJS()
MFSA 2009-56 Heap buffer overflow in GIF color map parser
MFSA 2009-55 Crash in proxy auto-configuration regexp parsing
MFSA 2009-54 Crash with recursive web-worker calls
MFSA 2009-53 Local downloaded file tampering
MFSA 2009-52 Form history vulnerable to stealing

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

About these ads

6 Comments

Filed under Application Vulnerabilities, Browsers, Don't Get Scammed, Don't Get Hacked, downloads, Firefox, Freeware, Malware Advisories, Software, Tech Net News, Viruses, Windows Tips and Tools

6 responses to “Avoid Drive-by Downloads – Update Firefox to Version 3.5.4 Now

  1. Thanks for the heads up, fortunately FF updated itself for me. Do you run the NoScript add-on? Seems prudent these days.
    Have a good one.
    Mark

    • Bill Mullins

      Hey Mark,

      I can’t imagine surfing the Net without NoScript – I’m not a big fan of walking through minefields. LOL!

      As well, I run WOT, AdBlock Plus, KeyScrambler, and BetterPrivacy as part of my Firefox install. All of this is supplemented by the usual AV’s, Firewall, and most important GesWall an Internet isolator.

      Good to hear from you.

      Bill

  2. Dave Curtis

    Hi Bill. Really enjoy your web site. I did not know if you already know this, but WOT is closing down on Nov 16th. This was really a nice add on to the browser and I have not been using it too long. (Thawte.com). Thanks for all the advice, Dave Curtis.

    • Bill Mullins

      Hey Dave,

      There is some confusion here caused by Thawte Web of Trust * *digital email certificate program, which is undergoing some changes, effective November. WOT (Web of Trust) the Against Intuition Browser add-on is not one and the same, and is NOT being discontinued. So stick with WOT Dave.

      I appreciates you bringing this rumor to my attention.

      Safe Surfing,

      Bill

  3. Dave Curtis

    Thank you Bill. I am sorry I misunderstood this. This is exactly why we have your excellent web site. We will continue to use WOT. My family has learned so much from you. Thanks again, Sincerely, Dave Curtis.