We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
 
74,953 News Articles

Update repairs 11 Firefox 3.0 bugs

Mozilla releases 'critical' fixes

Mozilla has fixed 11 vulnerabilities in Firefox 3.0, more than half of them labelled ‘critical', and fixed 14 flaws in the older Firefox 2.0.

Firefox 3.0.2 quashes six critical bugs, four marked ‘high' in Mozilla's four-step threat ranking system. Among the most serious were four stability bugs in the browser's graphics rendering, layout and JavaScript engines that can crash the program and might be exploitable with malicious code.

"Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code," said Mozilla in the accompanying advisory.

Mozilla also updated the older Firefox to 2.0.0.17, patching all but one of the bugs fixed in 3.0.2, but also addressing several issues specific to the aging browser.

It's unclear how many more updates Mozilla will release for Firefox 2.0 - it doesn't produce them on a set schedule - because it has already announced it will drop the browser in December. Mozilla continues to urge users to upgrade to Firefox 3.0.

One of the bugs in both Firefox 2.0 and 3.0, although rated only low, was described by Mozilla as a variant of a ‘click-hijacking' vulnerability first reported in Microsoft's Internet Explorer by Liu Die Yu, a researcher noted for finding flaws in IE. Microsoft first patched the bug in 2003, then patched it again the following year.

A Mozilla developer, Paul Nickerson, was credited with uncovering the Firefox variant, which could be used to force a user to download a file.

Users can download the update for Windows, Mac OS X and Linux from the Mozilla site, call up their browser's built-in updater or wait for the automatic update notification, which typically appears within 24 to 48 hours.

Mozilla Firefox 3.0 review

Internet Explorer 8.0 Beta 2 review


IDG UK Sites

Samsung Galaxy Note 4 release date, price and specs 2014

IDG UK Sites

iPhone 5s review: why the iPhone 5s is still the best phone you can buy in 2014

IDG UK Sites

Passwords don't work: here's four ways to fix them

IDG UK Sites

Developers get access to more Sony camera features