Firefox fixes remotely exploitable flaws

Stephen Withers
Friday, 06 March 2009 01:46

Business IT - Open Source

Firefox 3.0.7, a new version of the leading open source browser, combines security and bug fixes with support for additional languages.

Firefox 3.0.7 fixes five vulnerabilities, three of which were classified as critical.

The program uses the libpng library, which has been updated to overcome vulnerabilities that could be used to remotely crash software that uses it and perhaps execute arbitrary code.

Multiple bugs in the layout and JavaScript engines that showed the potential to allow the execution of arbitrary code have been fixed. These issues may affect other Mozilla-based programs.

The third critical vulnerability involves XUL, the language used to create interfaces in Firefox and other Mozilla software. A memory management issue  provided a way of running arbitrary code.

The other vulnerabilities allowed data stealing from another domain, and the use of control characters to display a misleading URL in the location bar.

Non-security bug fixes include stability improvements, accessibility features, cookies, and a problem with the File menu. A Mac-specific issue relating to Flashblock has also been fixed.

Firefox 3.0.7 also marks the official release of Estonian, Kannada, and Telugu language support.

The update is most easily obtained via Firefox's Check for Updates command, or the complete package can be downloaded from Mozilla's web site.

Firefox 2 is no longer being maintained.

The Camino browser, which is also based on Mozilla's Gecko engine, has not yet been updated to reflect the security fixes.