MozillaZine: Mozilla Firefox 3.0.1 Released

The first minor update to Mozilla Firefox 3 has been released. Firefox 3.0.1 fixes three critical security vulnerabilities, improves stability and resolves a handful of other small bugs. The security fixes are detailed in the Firefox 3.0.1 section of the Security Advisories for Firefox 3.0 page. Two of the issues ? one related to how Firefox handles command-line URLs to open multiple tabs and another allowing remote code execution by overflowing a CSS reference counter ? were also present in Firefox 2 and fixed in Tuesday's Firefox 2.0.0.16 release. Security improvements in Firefox 3 mean that it's not vulnerable to some of the Firefox 2 variants of the command-line multiple tab exploit but it can still be compromised by combining the attack with a script injection flaw. The final flaw only affects Mac OS X and allows an attacker to crash Firefox with a malformed GIF file, potentially gaining the ability to execute arbitrary code on the victim's computer. This vulnerability is not present in Firefox 2. The non-security fixes include an issue where the phishing and malware database did not update on first launch and a problem that could cause Firefox to not save the security certificate exceptions list properly. view original article
Sat, 19 Jul 2008 19:22:00 +0200

more Planet Mozilla articles