Firefox update takes down three critical flaws
Hotchpotch patch pitch
Mozilla pushed out a new version of Firefox on Wednesday that fixes five browser bugs, three of which present a critical risk of hacker attack.
Firefox 3.5.8 tackles a memory corruption flaw, a heap corruption vulnerability and a flaw in the open-source browser's HTML parser technology. All three of these security bugs create a possible mechanism for hackers to inject hostile code onto vulnerable systems.
The cross-platform update includes stability and performance tweaks, as explained in Mozilla's release notes here.
Mozilla's SeaMonkey web application suite comes bundled with Firefox and therefore also needs updating, to version 2.0.3, to protect against the same flaws as explained here.
Users lagging behind with their open source browser software and still using 3.0.x releases are not spared patching detail and also need to upgrade, to Firefox version 3.0.18. Mozilla doesn't provide a handy list for the security fixes in Firefox 3.0.18 apart from saying the release deals with "several", possibly different, security bugs. ®
- Black Hat
- Common Vulnerability Scoring System
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Digital certificate
- Identity Theft
- Kenna Security
- Palo Alto Networks
- Trusted Platform Module
- Zero Day Initiative
- Zero trust