Over the weekend Mozilla Corp. released a second patch for its latest Firefox browser, moving the current version to 3.0.3. The fix addresses an issue with saved passwords that include an international character in either the URL or the password itself.
Mozilla pushes out patch fixing password issue in 3.0.2. (Image: J.Anderson)
According to Mike Beltzner, the quick fix was issued because, “users who have password data stores with non-ASCII data saved as something other than UTF-8 (more common for people who have saved passwords on IDN domains or non en-US domains) will not be able to access their saved passwords or create any new saved passwords. There is no permanent data loss; the saved data is just inaccessible. While this doesn’t affect all Firefox users, it is a significant regression and has triggered a fast-release Firefox 3.0.3 which will contain a single fix for this issue.”
The patch was pushed out late Friday and through most of Saturday.
On Tuesday, Mozilla released Firefox 3.0.2. That patch addressed five security issues, two critical, two moderate, and one minor. Along with the security issues, the release also fixed various stability issues as well as a checklist of other bugs.
The most important issues in Tuesday’s release were the critical ones, covered by Mozilla Foundation Security Advisories 2008-41 and 42. They deal with “Privilege escalation via XPCnativeWrapper pollution” and “Crashes with evidence of memory corruption,” respectively.
The XPCnativeWrapper issue, reported by moz_bug_r_a4 and Olli Pettay, is actually a series of issues covering several vulnerabilities in which malicious page content can lead to code execution with chrome privileges.
Crashes with evidence of memory corruption, reported by various sources including Drew Yao of Apple Product Security and David Maciejak, covers several stability bugs that caused Firefox to crash when rendering certain images.
“Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code,” the advisory reads.