Firefox 3.0.8 Fixes Two Critical Security Issues Found in Firefox 3.0.7
Mozilla had just released its latest Firefox 3.0.8 fixing two critical security holes found in their previous Firefox 3.0.7
Security Issue #1
Arbitrary code execution via XUL tree element
Description: Security researcher discovered that the XUL tree method _moveToEdgeShift was in some cases triggering garbage collection routines on objects which were still in use. In such cases, the browser would crash when attempting to access a previously destroyed object and this crash could be used by an attacker to run arbitrary code on a victim’s computer.
Security Issue #2
XSL Transformation vulnerability
Description: Security researcher discovered that an XSL stylesheet could be used to crash the browser during a XSL transformation. An attacker could potentially use this crash to run arbitrary code on a victim’s computer.
Users who are currently browsing with the Mozilla’s Firefox 3.0.7 are strongly advised to upgrade to the latest Firefox 3.0.8 by following the link here.
Update: Firefox 3.1 Alpha 2
Related Articles
- BitDefender Totol Security, Internet Security and AntiVirus 2008 Free 90 Days Subcription License Key Serial
- Windows Update Cannot or Unable to Download and Install All Critical Updates
- Fix Third-Party Input Language Method Editor (IME) Issues in IE and Windows Vista by Disabling UIPI
- Windows Vista Activation Errors – Causes and Fixes
- F-Secure Online Virus Scanner Supports Firefox Browser
- Windows XP SP3 Release Notes and Known Issues
- Install WGA and OGA Plugins for Firefox for In-Browser Validation
- PicLens Beta for Firefox 3.0b5 and IE with YouTube VIdeo Support Available for Download
- Mozilla Firefox 3.0 RC1 Available for Download
- Fix Error Cannot Install WGA or OGA Plugin (WGAPluginInstall.exe and OGAPluginInstall.exe) in Firefox
Entries (RSS)