The Register® — Biting the hand that feeds IT

Firefox update fixes critical bug brace

Just off the production line

Join our expert panel in discussing application security

Mozilla published a new version of its Firefox web browser on Tuesday that fixes five security vulnerabilities, two of which it rates as critical.

Firefox version 3.0.2 fixes a memory corruption bug and a separate critical bug involving privilege escalation and the XPCnativeWrapper component of the browser. Both create possible mechanisms for hackers to inject hostile code into vulnerable systems using rigged websites, or perform similar tricks.

The same two critical bugs are fixed in Firefox 2.0.0.17, for those still using the earlier version of the browser. There's no evidence that either critical flaw has been exploited by hackers but prudence would steer towards early patching. Judging from past experience automatic updates from Mozilla will appear in about a day or so.

The updates also fix three lesser flaws - two of which are rated as moderate and one of which earns a low risk rating.

All five flaws are explained in Mozilla's release notes here and there's additional commentary from the good folk of the Internet Storm Centre here. ®

Join our expert panel in discussing application security

Don’t Miss

GoogleGoogle code cloud punts on-demand embarrassment

Fail and You Mountain View's Sarah Palin moment

open source 75Microsoft weighs next-phase in open-source support

Spring, PHP, and Apache sized up

iTunes logoiTunes minus the player: hack your Apple beats

Mac Secrets Dodge the shareware sledgehammer

OracleOracle plans cloud strategy

Exclusive Larry smells money in madness