Firefox 3.0.12 Patches Critical Vulnerabilities



22 July 2009, 10:32

Firefox 3.0.12 patches critical vulnerabilities

For users that haven't already updated to the latest Firefox 3.5 release, Mozilla has released Firefox 3.0.12, patching one high risk and five critical security vulnerabilities in their popular open source web browser. The security update addresses a critical vulnerability in the Firefox browser engine that could lead to it crashing, resulting in memory corruption and the possible execution of arbitrary code. A second critical vulnerability has been patched that could potentially be used by an attacker to execute arbitrary code when a Flash object is used to crash the browser.

The browser update fixes a series of heap and integer overflow vulnerabilities in font glyph rendering libraries that could be used by an attacker to crash libpango or CoreGraphics and to run code on Linux and Mac OS X systems. A critical crash and remote code execution vulnerability caused by an SVG element has been fixed, and a critical problem caused by the setTimeout parameter that could allow arbitrary JavaScript to be run with the browser chrome privileges has been addressed. The release also fixes a high risk cross-site scripting (XSS) vulnerability that could be used to run arbitrary JavaScript within the context of another site.

The Mozilla developers strongly advise all Firefox 3.0.x users to update to the latest release. According to a post on Mozilla's developer blog, all users are encouraged to upgrade to Firefox 3.5 as Firefox 3.0.x security and stability fixes will end in January of 2010.

Heise security - http://www.h-online.com/security/Firefox-3...s--/news/113816
