There's patching work ahead for users of alternative browsers. Mozilla updated its Firefox web browser on Wednesday in response to the discovery of a vulnerability involving its Javascript Garbage Collector function.

The security bug means that memory corruption might be caused through specially-crafted Javascript code. Successful exploitation creates a means to execute arbitrary code on vulnerable systems.

The vulnerability is reported in version 2.0.0.13 of the popular open source browser. Earlier versions may also be affected. Surfers are advised to update to version 2.0.0.14. Mozilla's security advisory can be found here (http://www.mozilla.org/security/announce/2008/mfsa2008-20.html).

In other browser security news, Apple pushed out an update for its Safari web browser on Wednesday. Both Windows and Apple versions of the browser need patching, though for different reasons.

Safari version 3.1.1 addresses a brace of WebKit vulnerabilities that affect computers running Mac OS X or Mac OS X Server. Left unchecked, the duo of flaws create a means for hackers to crash browsers or inject malicious code onto vulnerable machines, providing users can be tricked into visiting maliciously-constructed websites.

One of the vulnerabilities, which involves flaws in WebKit's handling of JavaScript regular expressions, was discovered during the Pwn to Own contest at CanSecWest last month by Charlie Miller and other white-hat hackers in his team. The second of the two flaws involves problems with WebKit's processing of a colon character in the host name.

Vista and XP users need patching against these flaws and a brace of other vulnerabilities specific to Windows machines, involving memory corruption and a less serious timing issue in Safari 3.1.

Both Windows and Apple users of Safari need to update to Safari version 3.1.1, as explained in an advisory from Apple here (http://support.apple.com/kb/HT1467). ®

Related stories

Mozilla develops browser security metrics (8 July 2008)
http://www.theregister.co.uk/2008/07/08/mozilla_security_metrics/
Apple drags its heels on iPhone security patches (4 July 2008)
http://www.theregister.co.uk/2008/07/04/iphone_security_patch_lag/
Rare Mac Trojan exploits Apple vuln (23 June 2008)
http://www.theregister.co.uk/2008/06/23/mac_trojan/
Bugs casts shadow over Firefox 3 (19 June 2008)
http://www.theregister.co.uk/2008/06/19/firefox3_bugs/
Browser makers throw up drive-by download barriers (9 June 2008)
http://www.theregister.co.uk/2008/06/09/drive_by_download_defences/
Microsoft urges Windows users to shun 'carpet bombing' Safari (31 May 2008)
http://www.theregister.co.uk/2008/05/31/microsoft_warns_against_apple_safari/
Serve up iTunes with Apple's media browser (20 May 2008)
http://www.theregister.co.uk/2008/05/20/apple_browser_itunes/
First public Firefox 3 candidate shoots out the door (19 May 2008)
http://www.theregister.co.uk/2008/05/19/firefox_3_candidate_release/
Apple okay with Safari 'carpet bombing' vuln for now (15 May 2008)
http://www.theregister.co.uk/2008/05/15/apple_safari_carpet_bombing_vuln/
Firefox language pack provides adware back-door (8 May 2008)
http://www.theregister.co.uk/2008/05/08/firefox_component_compromise/
Google launches security group for open source (6 May 2008)
http://www.theregister.co.uk/2008/05/06/google_launches_ocert/
Behind the scenes with Apple's media browser (22 April 2008)
http://www.theregister.co.uk/2008/04/22/mac_secrets_media_browser/
Security experts warn against Web 2.0 charlatans and 'premature AJAXulation' (14 April 2008)
http://www.theregister.co.uk/2008/04/14/ajax_charlatans_old_school_attack/
Only Ubuntu left standing, as Flash vuln fells Vista in Pwn2Own hacking contest (29 March 2008)
http://www.theregister.co.uk/2008/03/29/ubuntu_left_standing/
Mac is the first to fall in Pwn2Own hack contest (28 March 2008)
http://www.channelregister.co.uk/2008/03/28/mac_hack/
Apple grants Windows PCs the right to run Safari for Windows (27 March 2008)
http://www.channelregister.co.uk/2008/03/27/apple_updates_safari_eula/
Mozilla plugs 10 security holes in Firefox (27 March 2008)
http://www.channelregister.co.uk/2008/03/27/firefox_security_flaws_update/
Mozilla CEO blasts Apple for putting security of the internet at risk (24 March 2008)
http://www.channelregister.co.uk/2008/03/24/mozilla_and_the_apple_itunes_update/
Apple unleashes monster patch batch on Mac faithful (19 March 2008)
http://www.theregister.co.uk/2008/03/19/monster_apple_patch_batch/
Firefox 3 beta is live (13 February 2008)
http://www.theregister.co.uk/2008/02/13/firefox_3_beta/
Firefox updates, blitzes trio of critical bugs (8 February 2008)
http://www.theregister.co.uk/2008/02/08/firefox_update/