Firefox 3.0.8 Fixes Two Critical Security Issues Found in Firefox 3.0.7
Mozilla had just released its latest Firefox 3.0.8 fixing two critical security holes found in their previous Firefox 3.0.7
Security Issue #1
Arbitrary code execution via XUL tree element
Description: Security researcher discovered that the XUL tree method _moveToEdgeShift was in some cases triggering garbage collection routines on objects which were still in use. In such cases, the browser would crash when attempting to access a previously destroyed object and this crash could be used by an attacker to run arbitrary code on a victim’s computer.
Security Issue #2
XSL Transformation vulnerability
Description: Security researcher discovered that an XSL stylesheet could be used to crash the browser during a XSL transformation. An attacker could potentially use this crash to run arbitrary code on a victim’s computer.
Users who are currently browsing with the Mozilla’s Firefox 3.0.7 are strongly advised to upgrade to the latest Firefox 3.0.8 by following the link here.
Update: Firefox 3.1 Alpha 2
Related Articles
- Windows Update Cannot or Unable to Download and Install All Critical Updates
- Mozilla Firefox 3.0 RC1 Available for Download
- PicLens Beta for Firefox 3.0b5 and IE with YouTube VIdeo Support Available for Download
- How to Uninstall and Remove Windows Genuine Advantage (WGA) Validation Plug-In for Firefox (npLegitCheckPlugin.dll)
- F-Secure Online Virus Scanner Supports Firefox Browser
- Mozilla’s Latest Firefox 3.1 Beta 3
- Fix Error Cannot Install WGA or OGA Plugin (WGAPluginInstall.exe and OGAPluginInstall.exe) in Firefox
- Add and Make Firefox Plays Click Navigation Sound and Audio Feedback Like IE
- How to Tweak and Make Mozilla Firefox Load Faster
- Install WGA and OGA Plugins for Firefox for In-Browser Validation
Entries (RSS)