New Firefox 3.0.9 patches mucked-up memory and other holes


Download Mozilla Firefox 3.0.9 for Windows from Fileforum now.


Bugs in versions of Firefox before 3.0.9 can lead to memory corruption -- a problem that might, in theory be used by bad people to run arbitrary code on your machine. The problem is also present in versions of Thunderbird before 2.0.0.22 -- if you've gone and enabled JavaScript in e-mail -- and of SeaMonkey before 1.1.16.

There are multiple bugs, according to the Mozilla security advisory (MFSA 2009-14), and the crashes they caused demonstrated memory corruption under certain circumstances.

That's the only critical-level problem meriting a patch in the latest edition of Firefox; by contrast, the 3.0.8 release nailed down two, one of which (an XSL stylesheet problem) also affected SeaMonkey. The other, which allowed arbitrary code execution through the XUL <tree> element, was the vulnerability that owned up Firefox at this year's CanSecWest Pwn2Own contest. Nothing so glamorous this time around, for fans of the big splashy bugs.

The new 3.0.9 version does, however, pick off two high-impact vulnerabilities (one involving XMLHttpRequest and XPCNativeWrapper.toString, one involving Flash loading), two moderate-impact problems, and four low-intensity glitches including one that could allow a malicious search plug-in to, under very particular circumstances, get a user to inject JavaScript into other Web sites. That last problem excited a certain amount of fuss in its Bugzilla discussion and was patched just before the code was frozen on March 17.


Download Mozilla Firefox 3.0.9 for Linux from Fileforum now.


3 Responses to New Firefox 3.0.9 patches mucked-up memory and other holes

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.