Mozilla patches 11 bugs in Firefox
Also modifies license to correct 'giant mistake' with EULA
"Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code," said Mozilla in the accompanying advisory.
Mozilla also updated the older Firefox to 220.127.116.11, patching all but one of the bugs fixed in 3.0.2, but also addressing several issues specific to the aging browser.
It's unclear how many more updates Mozilla will release for Firefox 2.0 -- it doesn't produce them on a set schedule -- because it has already announced it will drop the browser this December. Yesterday, Mozilla continued to urge users to upgrade to Firefox 3.0.
One of the bugs in both Firefox 2.0 and 3.0, although rated only low, was described by Mozilla as a variant of a "click-hijacking" vulnerability first reported in Microsoft Corp.'s Internet Explorer by Liu Die Yu, a researcher noted for finding flaws in IE. Microsoft first patched the bug in 2003, then patched it again the following year.
A Mozilla developer, Paul Nickerson, was credited with uncovering the Firefox variant, which could be used to force a user to download a file.
Mozilla also addressed several other issues in Firefox with 3.0.2, including several stability problems and a bug that caused browsers with customized toolbars to delete the back and forward buttons.
Because the update was delayed to take into account some last-minute fixes, Mozilla also modified the licensing language in Linux versions to eliminate an end-user licensing agreement (EULA) that open-source advocates and users had objected to. Last week, Mitchell Baker, chairman of the Mozilla Foundation and Mozilla Corp., admitted that prompting Linux users to accept the EULA had been a "giant mistake."
Users can download the update for Windows, Mac OS X and Linux from the Mozilla site, call up their browser's built-in updater or wait for the automatic update notification, which typically appears within 24 to 48 hours.
Read more about Networking in Computerworld's Networking Topic Center.
- Capabilities You Need in an IP Address Management Solution A mismanaged IP space can cripple an otherwise healthy network. Take a moment to understand what you need in an enterprise-ready IPAM solution.
- IPv6 Fundamentals IPv6 is needed to sustain the growth of the Internet. The transition from IPv4 will require planning and likely some degree of support...
- Fixing Intermittent Performance Problems Intermittent performance problems are among the most frustrating and time-consuming issues IT administrators face. Read this white paper and learn how technology advances...
- 3G/4G Digital Signage Guide Today, the widespread availability of 3G and 4G cellular or wireless broadband networks enables digital signage to be deployed virtually anywhere.
- Live Webcast 5 Steps to Assuring Quality of Experience In order to align monitoring and management practices with the true demands of the business, IT professionals must expand beyond traditional comfort zones...
- Live Webcast Master the Changing SAP Landscape with Performance Management SAP landscapes are not getting simpler. Gradually, business processes that used to be contained on a single SAP system now involve a range...
- Navigating the New Wireless Landscape Thriving in the new wireless landscape View Now>>
- Deep Dive into Advanced Networking and Security with Hybrid Cloud Security and networking are among the top concerns when moving workloads to the cloud. VMware vCloud® Hybrid Service™ enables you to extend your... All Networking White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!