Dec 16, 2009
The Mozilla developers have released version 3.5.6 of their open source Firefox web browser to address a total of seven vulnerabilities, three of them critical. According to Mozilla, the release "is a short-cycle security and sustained engineering release to fix several top crashing bugs".
The update fixes a critical vulnerability in the browser engine used in Firefox that could cause a crash, possibly leading to memory corruption and the execution of arbitrary code. The other two critical bugs, in liboggplay and the Theora video library, could also cause a crash and potentially allow arbitrary code to be executed on a victim's computer. Additionally, one high-risk vulnerability in which "NTLM credentials from one application could be forwarded to another arbitrary application via the browser", two moderate-risk issues related to the location bar and the chrome window.opener, and one low-risk vulnerability have been closed.
Mozilla has also released an update for the 3.0.x branch of Firefox, which will receive security and stability updates until January of 2010. Firefox 3.0.16 is available to download and addresses all of the above vulnerabilities except the bug relating to the Theora video library: video capabilities were not added until Firefox 3.5, so prior releases are not affected.
The link for this article located at H Security is no longer available.