Wednesday, July 16, 2008

Firefox 2 and Firefox 3 Security Updates

Yesterday, two critical vulnerabilities were fixed in the update to Firefox 2, now at Version 2.0.0.16:
  • MFSA 2008-35 Command-line URLs launch multiple tabs when Firefox not running
  • MFSA 2008-34 Remote code execution by overflowing CSS reference counter
Today, Mozilla released Firefox 3.0.1, addressing three critical vulnerabilities:
  • MFSA 2008-36 Crash with malformed GIF file on Mac OS X
  • MFSA 2008-35 Command-line URLs launch multiple tabs when Firefox not running
  • MFSA 2008-34 Remote code execution by overflowing CSS reference counter
In addition to the security issues, the update to Firefox 3 update addressed the following additional issues, as shown in the Firefox 3.0.1 Release Notes:
  • Fixed several stability issues.
  • Fixed an issue where the phishing and malware database did not update on first launch.
  • Under certain circumstances, Firefox 3.0 did not properly save the SSL certificate exceptions list.
  • Updated the internal Public suffix list.
  • In certain cases, installing Firefox 2 in the same directory in which Firefox 3 has been installed resulted in Firefox 2 being unstable. This issue was fixed as part of Firefox 2.0.0.15.
  • Fixed an issue where, when printing a selected region of content from the middle of a page, some of the output was missing (bug 433373) .
  • Fixed a Linux issues where, for users on a PPP connection (dialup or DSL) Firefox always started in "Offline" mode 424626)
If you have not yet been offered the update, Click Help >Check for updates.






Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

No comments: