Yesterday, Mozilla released version 3.5.3 of Firefox, and with it corrected 46 bugs, as well as nine security issues rated critical and one issue rated low. The updated version of Firefox is available now, and is being pushed to users as you read this.
Mozilla fixes bugs and patches flaws in Firefox 3.5.3. (IMG:J.Anderson)
One of the security advisories, MFSA 2009-47, included fixes for seven security and stability flaws, some of which showed evidence of memory corruption. This led Mozilla to assume that, with enough effort, an attacker could use the crashes to run code. Thus you get the critical rating and the one advisory that forms the majority of the security issues in this update. The flaws addressed are split between the browser engine and JavaScript engine.
The second critical patch, MFSA 2009-49, which came from TippingPoint’s ZDI, addresses issues in the columns of the XUL tree element that could be manipulated by an attacker to run code. The last critical patch, MFSA 2009-51, deals with a vulnerability in the BrowserFeedWriter that could be leveraged to run malicious JavaScript with chrome privileges.
MFSA 2009-50, rated low, centers on the default Windows font used to render the location bar and other text fields. According to the advisory, it was “… improperly displaying certain Unicode characters with tall line-height. In such cases the tall line-height would cause the rest of the text in the input field to be scrolled vertically out of view. An attacker could use this vulnerability to prevent a user from seeing the URL of a malicious site.”
Each of the previous critical issues also earns the same rating for users of Firefox 3.0.13, which was updated to version 3.0.14 with yesterday’s releases. MFSA 2009-48, rated as moderate, and the only patch not included with the 3.5.3 release, corrects a problem with the lack of informative dialogs when security modules were added or removed via pkcs11.addmodule or pkcs11.deletemodule.
Everyone is encouraged to update their browser as soon as possible. The odds are you need only to look under Help and select "apply downloaded update now" to do so.
The list of bugs addressed in the 3.5.3 release is here.
The list of security items for 3.5.3 is here, and for 3.0.14, head here.