Mozilla has pushed out a cross-platform update for Firefox that fixes multiple security flaws.
Firefox 3.5.6 lances three critical vulns in the open source browser software. They include memory problems involving the liboggplay media library, an integer overflow crash bug in the libtheora video library, and a separate memory corruption flaw. All three of the critical vulns create a possible mechanism for hackers to inject hostile code onto vulnerable systems, via drive-by download attacks or similar malign trickery.
The update, published on Tuesday, also tackles a variety of lesser vulnerabilities that (at worst) create a means to crash vulnerable systems. Firefox 3.5.6 also tackles stability bugs and tweaks features, as explained in Mozilla's release notes here.
Firefox 3.0.16 tackles similar flaws for users still using the 3.0.X version of the browser. 3.0.16 is needed to tackle one critical flaw in previous versions of the software, which compares to the three critical nasties lanced with 3.5.6.
As usual, Firefox bugs mean users of the corresponding version of Mozilla SeaMonkey application suite, version 2.0.1, also need to apply patches.
More ruminations on the possible consequence of leaving the flaws unfixed can be found a security advisory by Secunia here. ®
Broader topics
Narrower topics
- Authentication
- Black Hat
- Common Vulnerability Scoring System
- Cybercrime
- Cybersecurity
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- DDoS
- Digital certificate
- Encryption
- Exploit
- Firewall
- Hacker
- Hacking
- Identity Theft
- Infosec
- Kenna Security
- NCSC
- Palo Alto Networks
- Password
- Phishing
- Ransomware
- REvil
- Spamming
- Spyware
- Surveillance
- TLS
- Trojan
- Trusted Platform Module
- Vulnerability
- Wannacry
- Zero trust