Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Firefox Releases 3.0.1 and fixes 3 security vulnerabilities

Published: 2008-07-17
Last Updated: 2008-07-17 18:43:29 UTC
by Mari Nichols (Version: 1)
0 comment(s)

A security advisory released yesterday by Mozilla fixes the following issues and more:

MFSA 2008-36 Crash with malformed GIF file on Mac OS X. Where a specially crafted GIF file caused the browser to free an uninitialized pointer. This can crash the browser and allow arbitrary code execution on the victim’s computer.
 
MFSA 2008-35 Command-line URLs launch multiple tabs when Firefox not running. Now this one had an easy workaround…. Just always run Firefox! 

MFSA 2008-34 Remote code execution by overflowing CSS reference counter. This vulnerability affects the CSSValue array data structure.
 
In addition to the security fixes, some stability issues, a phishing and malware database issue and and updated Public Suffix list are included in this version.
 
 
Update:  The new version isn't compatible with the SnagIt plugin.

 

0 comment(s)
Diary Archives