We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
79,773 News Articles

Mozilla patches 10 bugs in Firefox

Security update comes days before Firefox 3.6 is expected to be released

Mozilla has patched 10 bugs in web browser Firefox, five of which were labelled 'critical'.

Firefox 3.5.6, the browser's first security update since late October, fixed five flaws rated critical by Mozilla, one tagged as high, three pegged as moderate, and one labelled as a low threat.

The five critical vulnerabilities were located in the rendering and JavaScript engines, and in the 'liboggplay' and 'libtheora' media and video libraries.

"Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code," Mozilla said in the advisory that spelled out the rendering and JavaScript engine flaws.

Three of the four vulnerabilities outlined in MFSA-2009-065 generate browser crashes, while the last affects the TraceMonkey JavaScript engine that debuted in Firefox 3.5.

Mozilla recommended users disable JavaScript in Firefox if they were unable to immediately patch the browser.

Firefox 3.0, which Mozilla will retire from security support next month, was also updated with the release of version 3.0.16. The older browser received seven patches, just two of them marked critical.

The disparity between the versions' patch counts was due to several that affected only the newer Firefox 3.5, including the two critical bugs in the code libraries, and two of the engine vulnerabilities.

The updates came just days before Mozilla is to release the fifth beta of Firefox 3.6, a minor update once set to ship before the end of the year, but that increasingly looks like it might straggle into 2010.

In fact, Mozilla sounded uncertain whether it would actually deliver Beta 5.

"Beta 5 builds are being tested by QA now, targeting a Thursday release unless we get to RC [Release Candidate] first," notes from a weekly status meeting stated.

"We are really, really close to being code-complete & only need 8 more patches, and a TraceMonkey merge. If we can go to build today or tomorrow, QA will scrap Beta 5 and we'll release RC to the beta audience ASAP."

Mozilla last updated Firefox 3.6 three weeks ago, when it issued Beta 4 .

According to web metrics company Net Applications, Firefox accounted for about 25 percent of all browsers used during the month of November.

Over the past week, however, Firefox's usage share slipped slightly as users turned instead to Google's Chrome, which reached beta status for Mac and Linux on December 8.

Firefox 3.5.6 and 3.0.16 can be downloaded now for Windows, Mac OS X and Linux from the Mozilla site.

Current Firefox users can instead call up the browsers' update tools, or wait for automatic update notifications to appear in the next 48 hours.

Broadband speed test

PC security advice

See also: Mozilla tells users to dump Google for Bing


IDG UK Sites

Samsung Galaxy Alpha vs iPhone 5S comparison review: Metal smartphones fight

IDG UK Sites

Gateway to your kingdom: why everybody should check and update their broadband router

IDG UK Sites

Netflix whips up 3D VR viewing room for Oculus Rift during company hack day

IDG UK Sites

Widespread 2011 MacBook Pro failures continue: Petition for fix surpasses 10,000 signatures