Firefox 3.5.4 fixes critical bugs

Stephen Withers
Thursday, 29 October 2009 04:07

Business IT - Open Source

Firefox 3.5.4 fixes a diverse list of bugs, including half a dozen critical security issues.

A new minor release of the popular Firefox open source browser delivers a total of 11 security fixes.

Several bugs were fixed in the main browser engine that led to memory corruption in certain circumstances. Such issues are taken seriously as they are presumed to provide an opportunity to run arbitrary code.

Multiple Ogg-related libraries were upgrade in the light of bugs that could allow the execution of arbitrary code. The ability to play audio and video files in Firefox rather then through an add-on arrived in Firefox 3.5.

Other critical issues concerned two heap buffer overflows, a Chrome privilege escalation, and an opportunity to run arbitrary code after recursively creating Web Workers.

Firefox 3.5.4 also delivers fixes for three moderate and two low impact security issues.

Most of the remaining 100-plus fixes are minor, but the development team highlighted the return of the ability to re-submit crash reports, plus a fix for a situation where some SSL sites would not immediately load all images and styles after using Clear Recent History.

The most convenient way for users of Firefox on Windows or Mac OS X to obtain the new version is to take advantage of the Check for Updates command as this avoids the need to download the entire installer. If you do need it, the installers are available here.