Computerworld - Mozilla Corp. late Tuesday patched 11 vulnerabilities in Firefox 3.0, more than half of them labeled "critical," and fixed 14 flaws in the older Firefox 2.0.

Firefox 3.0.2 quashes six critical bugs, four marked "high" and one pegged as "low" in Mozilla's four-step threat ranking system. Among the most serious were four stability bugs in the browser's graphics rendering, layout and JavaScript engines that can crash the program and might be exploitable with malicious code.

"Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code," said Mozilla in the accompanying advisory.

Mozilla also updated the older Firefox to 2.0.0.17, patching all but one of the bugs fixed in 3.0.2, but also addressing several issues specific to the aging browser.

It's unclear how many more updates Mozilla will release for Firefox 2.0 -- it doesn't produce them on a set schedule -- because it has already announced it will drop the browser this December. Yesterday, Mozilla continued to urge users to upgrade to Firefox 3.0.

One of the bugs in both Firefox 2.0 and 3.0, although rated only low, was described by Mozilla as a variant of a "click-hijacking" vulnerability first reported in Microsoft Corp.'s Internet Explorer by Liu Die Yu, a researcher noted for finding flaws in IE. Microsoft first patched the bug in 2003, then patched it again the following year.

A Mozilla developer, Paul Nickerson, was credited with uncovering the Firefox variant, which could be used to force a user to download a file.

Mozilla also addressed several other issues in Firefox with 3.0.2, including several stability problems and a bug that caused browsers with customized toolbars to delete the back and forward buttons.

Because the update was delayed to take into account some last-minute fixes, Mozilla also modified the licensing language in Linux versions to eliminate an end-user licensing agreement (EULA) that open-source advocates and users had objected to. Last week, Mitchell Baker, chairman of the Mozilla Foundation and Mozilla Corp., admitted that prompting Linux users to accept the EULA had been a "giant mistake."

Users can download the update for Windows, Mac OS X and Linux from the Mozilla site, call up their browser's built-in updater or wait for the automatic update notification, which typically appears within 24 to 48 hours.

Comment Recommend Digg Twitter ShareThis

Email Print Send Feedback Reprints

Jump to comments

Mozilla

Additional Resources

WHITE PAPER

Do You Know the 7 Steps to Successful Data Migration?

Approximately 60 percent of data migration projects overrun time or budget, while some fail completely. Download this white paper, "Enhancing Your Chance for Successful Data Migration," to learn the critical steps you need to take to execute a data migration project with minimum cost and risk to your business.

WHITE PAPER

Total Cost of Ownership of Server Computing Vs. PCs

Read the Gartner research note to learn why the TCO of a server-based computing deployment used to deliver all applications to users is around 50% lower than that of an unmanaged desktop deployment.

WHITE PAPER

IDC White Paper: Linux in a Global Recession

Economic downturns have a tendency to accelerate emerging technologies, boost the adoption of effective solutions, and punish solutions that are not cost competitive or that are out of synch with industry trends. This IDC White Paper presents the results of an IDC survey of 330 companies in Western Europe, Asia/Pacific and the Americas that measures the receptiveness to Linux and takes into consideration changing views driven by the disruptive economic environment that businesses face today.

What People Are Saying

2 comments | Add new

See all comments (2) | Add new

White Papers & Webcasts

Southern Company
Download Now

Aligning IT to Business: The Rising Importance of Application Delivery Networks
Application Delivery Networking (ADN) will play a vital role in helping enterprises incorporate strategic technologies to achieve business initiatives.

Defending Against the Storm
Download Now

Mitigate Risk, Lower Costs and Improve Network Efficiency
Create a stable IP network that not only meets today's challenges, but is flexible enough to also meet future demands.

Share our Strength
Download Now

Preparing Your Business Services for the Future
Would you trust your network monitoring tools enough to know when something is truly halting a business service?

Why Email Fails: Dell MessageOne Survey of Email Outages
Download Now

IPAM: Slashing Network Costs
Slashing Network Costs by Consolidating and Automating Core Network Services

Essential Archive Requirements for E-Discovery
Register Now!

Horror stories: Managing IT Across Multiple Locations
How one extra sharp IT manager eliminates daily agony, hassle and repetition.

All White Papers | All Webcasts

Computerworld Reports

8 Questions To Ask About Your Intrusion-Security Solution

Computerworld Technology Briefings IT Service Management

Computerworld Briefing - Analytics: The Art and Science of Better

All Computerworld Reports

Disaster Recovery & Cost Savings Zone
Thousands of customers world-wide have turned to virtualization solutions from Riverbed as a way to reduce costs.

	Networking
	Computerworld Daily News (First Look and Wrap-Up)
	Computerworld Blogs Newsletter
	The Weekly Top 10
	Cloud Computing

resource center

Newsletter Sign-Up

Mozilla patches 11 bugs in Firefox

Also modifies license to correct 'giant mistake' with EULA

Mozilla

Additional Resources

What People Are Saying

White Papers & Webcasts

Computerworld Reports

White Papers

Sponsored Links