Firefox 2 and Firefox 3 Security Updates

Yesterday, two critical vulnerabilities were fixed in the update to Firefox 2, now at Version 2.0.0.16:

• MFSA 2008-35 Command-line URLs launch multiple tabs when Firefox not running
• MFSA 2008-34 Remote code execution by overflowing CSS reference counter

Today, Mozilla released Firefox 3.0.1, addressing three critical vulnerabilities:

• MFSA 2008-36 Crash with malformed GIF file on Mac OS X
• MFSA 2008-35 Command-line URLs launch multiple tabs when Firefox not running
• MFSA 2008-34 Remote code execution by overflowing CSS reference counter

In addition to the security issues, the update to Firefox 3 update addressed the following additional issues, as shown in the Firefox 3.0.1 Release Notes:

• Fixed several stability issues.
• Fixed an issue where the phishing and malware database did not update on first launch.
• Under certain circumstances, Firefox 3.0 did not properly save the SSL certificate exceptions list.
• Updated the internal Public suffix list.
• In certain cases, installing Firefox 2 in the same directory in which Firefox 3 has been installed resulted in Firefox 2 being unstable. This issue was fixed as part of Firefox 2.0.0.15.
• Fixed an issue where, when printing a selected region of content from the middle of a page, some of the output was missing (bug 433373) .
• Fixed a Linux issues where, for users on a PPP connection (dialup or DSL) Firefox always started in "Offline" mode 424626)
  

If you have not yet been offered the update, Click Help >Check for updates.

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...