Apr 1, 2009
Glaze

Firefox 3.0.8 Fixes Two Critical Security Issues Found in Firefox 3.0.7

firefox-logo1Mozilla had just released its latest Firefox 3.0.8 fixing two critical security holes found in their previous Firefox 3.0.7

Security Issue #1
Arbitrary code execution via XUL tree element

Description: Security researcher discovered that the XUL tree method _moveToEdgeShift was in some cases triggering garbage collection routines on objects which were still in use. In such cases, the browser would crash when attempting to access a previously destroyed object and this crash could be used by an attacker to run arbitrary code on a victim’s computer.

Security Issue #2
XSL Transformation vulnerability

Description: Security researcher discovered that an XSL stylesheet could be used to crash the browser during a XSL transformation. An attacker could potentially use this crash to run arbitrary code on a victim’s computer.

Users who are currently browsing with the Mozilla’s Firefox 3.0.7 are strongly advised to upgrade to the latest Firefox 3.0.8 by following the link here.

Update: Firefox 3.1 Alpha 2

Updated: Mozilla Firefox 35 Final Free Download

  • Just trying to install firefox on a toshiba laptop – very confusing not straight forward at all. SWM.

Get latest updates via email: