Mozilla fixes critical bugs with Firefox 3.5.4 and 3.0.15


Recommended Posts

28 October 2009, 10:48

Mozilla fixes critical bugs with Firefox 3.5.4 and 3.0.15

Mozilla has closed six critical holes in Firefox 3.5 and five critical holes in Firefox 3.0 with the releases of Firefox 3.5.4 and 3.0.15. Three moderate and two low impact vulnerabilities were also fixed in 3.5.4 and 3.0.15.

An update to the media libraries for ogg file playback fixes memory safety issues which were exposed with the implementation on the <video> support in Firefox 3.5. Buffer overflows in Firefox's string to number conversion and GIF colour map parsing have also been fixed. Recursive calls to web workers, a feature introduced in Firefox 3.5, were found to be capable of causing a crash and this has been fixed in 3.5.4. A Privilege escalation issue found in Firefox's Chrome library has been closed. The critical holes also include crashes with memory corruption. It is Mozilla policy to mark these as critical.

According to the release notes, the update also adds the ability to resubmit crash reports and fixes a bug which forced reloading of SSL pages after clearing private data.

The update is now available from the Mozilla site or through Firefox's auto-update facility.

Heise security - http://www.h-online....-15-843475.html

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...