• Total Posts: 43051
  • Total Topics: 16234
  • Online Today: 5014
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)

Author Topic: Mozilla Patches Critical Firefox Bugs  (Read 2155 times)

0 Members and 1 Guest are viewing this topic.


  • SCF Administrator
  • *****
  • Posts: 7528
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • - Samker's Computer Forum
Mozilla Patches Critical Firefox Bugs
« on: 18. February 2010., 16:57:41 »

Mozilla on Wednesday patched five vulnerabilities, three of them critical, in older editions of Firefox and in the process extended the support life of Firefox 3.0 by at least one more month.

The newest Mozilla browser, Firefox 3.6, already contains the patches.

Firefox 3.5.8 and Firefox 3.0.18 address three critical flaws in the browsers' Gecko rendering engines, the HTML parsers, and their implementations of Web Worker, an enhanced scripting functionality that lets site developers shift JavaScript computations to a background thread to reduce the performance hit on Firefox's user interface.

Hackers able to exploit any of the three critical bugs would be able to inject their own malware onto the machine, Mozilla noted in the accompanying advisories. "Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code," read the advisory dedicated to the browser engine issue:

The remaining two vulnerabilities , both rated "moderate" in Mozilla's four-step scoring system, were bugs that could be exploited in cross-site scripting attacks.

One of the cross-site scripting flaws was reported by a security researcher working for browser rival Microsoft , marking the second time in two days that Microsoft experts were credited with passing along vulnerability information to a competitor:
Yesterday, Adobe said Microsoft had found and reported a critical flaw in Reader and Acrobat.

Firefox 3.6 does not need to be updated; the five vulnerabilities were addressed before Mozilla shipped the browser Jan. 21.

The last time that Mozilla issued a security update for Firefox was Jan. 5, when it fixed a flaw in the browser's upgrade mechanism and patched a bug that programmers inadvertently introduced the month before.

With the update to Firefox 3.0.18, Mozilla also extended the support lifespan of the 2008 browser beyond the January cutoff it had earlier announced. Mozilla did not immediately respond to questions about when it plans to officially retire the version. In the past, Mozilla has discontinued security updates for a browser approximately six months after the release of a newer edition; Firefox 3.5, the immediate successor to version 3.0, shipped on June 30, 2009.

Firefox accounts for 24.4% of the browser market , according to the most recent data from metrics company Over three-fourths of Firefox users ran version 3.5 last month, while the remainder ran the older 3.0.

Firefox 3.5.8 can be downloaded for Windows, Mac OS X and Linux from the Mozilla site:
Current Firefox users can instead call up the browsers' update tools, or wait for automatic update notifications to appear in the next 48 hours.


Samker's Computer Forum -

Mozilla Patches Critical Firefox Bugs
« on: 18. February 2010., 16:57:41 »


With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters)

Enter your email address to receive daily email with ' - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising