We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Update repairs 11 Firefox 3.0 bugs

Mozilla releases 'critical' fixes

Mozilla has fixed 11 vulnerabilities in Firefox 3.0, more than half of them labelled ‘critical', and fixed 14 flaws in the older Firefox 2.0.

Firefox 3.0.2 quashes six critical bugs, four marked ‘high' in Mozilla's four-step threat ranking system. Among the most serious were four stability bugs in the browser's graphics rendering, layout and JavaScript engines that can crash the program and might be exploitable with malicious code.

"Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code," said Mozilla in the accompanying advisory.

Mozilla also updated the older Firefox to, patching all but one of the bugs fixed in 3.0.2, but also addressing several issues specific to the aging browser.

It's unclear how many more updates Mozilla will release for Firefox 2.0 - it doesn't produce them on a set schedule - because it has already announced it will drop the browser in December. Mozilla continues to urge users to upgrade to Firefox 3.0.

One of the bugs in both Firefox 2.0 and 3.0, although rated only low, was described by Mozilla as a variant of a ‘click-hijacking' vulnerability first reported in Microsoft's Internet Explorer by Liu Die Yu, a researcher noted for finding flaws in IE. Microsoft first patched the bug in 2003, then patched it again the following year.

A Mozilla developer, Paul Nickerson, was credited with uncovering the Firefox variant, which could be used to force a user to download a file.

Users can download the update for Windows, Mac OS X and Linux from the Mozilla site, call up their browser's built-in updater or wait for the automatic update notification, which typically appears within 24 to 48 hours.

Mozilla Firefox 3.0 review

Internet Explorer 8.0 Beta 2 review

IDG UK Sites

Android M Developer Preview announced at Google I/O: Android M UK release date and new features. Wh?......

IDG UK Sites

Why I think the Apple Watch sucks and you'd be mad to buy it

IDG UK Sites

Ben & Holly's Game of Thrones titles spoof is delightfully silly

IDG UK Sites

Mac OS X 10.11 release date rumours: all the new features expected in Yosemite successor