Thursday, March 05, 2009

Firefox 3.0.7 targets security issues

Mozilla on Wednesday released an update to the Firefox Web browser that its developers said fixes eight security issues found in Firefox 3.0.6, six of which were rated critical.

The most serious of the vulnerabilities fixed in Version 3.0.7 could allow attackers to run arbitrary code on a victim's computer, Mozilla warned in security advisories Wednesday.

The six critical flaws affected the browser's garbage collection, which monitors how Firefox modules use the computer's memory, as well as the browser's PNG libraries and in the layout and JavaScript engines.

Firefox 3.0.7 fixes several issues found in Firefox 3.0.6:

* Fixed several security issues.
* Fixed several stability issues.
* Official releases for the Estonian, Kannada, and Telugu languages are now available.
* Items in the "File" menu show as inactive after using the "Print" item from that menu - switching to a new tab restores them (bug 425844). This issue has been fixed.
*For some users, cookies would appear to go “missing” after a few days (bug 444600).
* Mac users of the Flashblock add-on, experienced an issue where sound from the Flash plug-in would continue to play for a short time after closing a tab or window (bug 474022).
* Fixed several issues related to accessibility features.

Mozilla developers said they weren't sure the layout and JavaScript flaws could be exploited.

"Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code," Mozilla said in an advisory.

Updates for Windows, Mac OS X, and Linux are available at the Mozilla site. Firefox 3 users will receive an update notification within 48 hours, or they can download the update manually by selecting "Check for Updates" from the Help menu.

The update, Mozilla's second this year, comes as Firefox continues to chip away at Internet Explorer's market dominance. Mozilla now has 21.77 percent of the global browser market share, compared with IE's 67.44 percent, a drop of more than 7 percentage points in a year.

No comments: