Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: InfoSec Handlers Diary Blog - Firefox Releases version 3.0.7 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Firefox Releases version 3.0.7

Published: 2009-03-04
Last Updated: 2009-03-05 14:38:04 UTC
by Deborah Hale (Version: 1)
0 comment(s)

 

Update: It looks like Mozilla updated their information so I am updating it here.

www.mozilla.com/en-US/firefox/3.0.7/releasenotes/

 Mozilla has released version 3.0.7 of Firefox.  This release fixes several issues found in the previous version.  These fixes include several security issues, 3 Critical.. 2 High.. 1 High.. and 1 Low.  The most critical item fixed is the problem of a crash causing memory corruption.  This is a stability bug and there is concern that with effort on the bad guys part these crashes could be used to run arbitrary code.  This issue applies too Firefox, Thunderbird and SeaMonkey products.

According to Mozilla's Security Advisory MFSA2009-07

"Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript such as large images."

See www.mozilla.org/security/announce/2009/mfsa2009-07.html for more information.

Advisory MFSA-2009-08

Vulnerability in Mozilla's garbage collection process.

www.mozilla.org/security/announce/2009/mfsa2009-08.html

Advisory MFSA-2009-10

Vulnerability in PNG libraries used by Mozilla cause several memory safety hazards.

For the full list of advisories and detailed information go to:

www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.7

 

 

 

 

Keywords: Firefox browser
0 comment(s)
Diary Archives