Mozilla released Firefox 3.6.13 on Thursday (December 9). The update addresses 13 documented issues, 11 rated as critical, including a vulnerability that can be used to run attacker code and install software with no user interaction beyond normal browsing.
Since browser vulnerabilities operate as a prime gateway for malware, immediate updating is strongly recommended.
If you haven’t updated your version of Firefox yet, then go to Help – Check for updates. Not all users allow automatic updates and installation – I’m one, as the following (older) graphic illustrates. However, I do allow the update to download.
Fixed in Firefox 3.6.13
MFSA 2010-84 XSS hazard in multiple character encodings
MFSA 2010-83 Location bar SSL spoofing using network error page
MFSA 2010-82 Incomplete fix for CVE-2010-0179
MFSA 2010-81 Integer overflow vulnerability in NewIdArray
MFSA 2010-80 Use-after-free error with nsDOMAttribute MutationObserver
MFSA 2010-79 Java security bypass from LiveConnect loaded via data: URL meta refresh
MFSA 2010-78 Add support for OTS font sanitizer
MFSA 2010-77 Crash and remote code execution using HTML tags inside a XUL tree
MFSA 2010-76 Chrome privilege escalation with window.open and <isindex> element
MFSA 2010-75 Buffer overflow while line breaking after document.write with long string
MFSA 2010-74 Miscellaneous memory safety hazards (rv:220.127.116.11/ 18.104.22.168)
For an overview of browser security add-ons you should consider installing, read An IT Professional’s Must Have Firefox and Chrome Add-ons, here on this site.