The Register® — Biting the hand that feeds IT

Firefox update fixes critical bug brace

Just off the production line

Free whitepaper – Unified Server Configurator

Mozilla published a new version of its Firefox web browser on Tuesday that fixes five security vulnerabilities, two of which it rates as critical.

Firefox version 3.0.2 fixes a memory corruption bug and a separate critical bug involving privilege escalation and the XPCnativeWrapper component of the browser. Both create possible mechanisms for hackers to inject hostile code into vulnerable systems using rigged websites, or perform similar tricks.

The same two critical bugs are fixed in Firefox 2.0.0.17, for those still using the earlier version of the browser. There's no evidence that either critical flaw has been exploited by hackers but prudence would steer towards early patching. Judging from past experience automatic updates from Mozilla will appear in about a day or so.

The updates also fix three lesser flaws - two of which are rated as moderate and one of which earns a low risk rating.

All five flaws are explained in Mozilla's release notes here and there's additional commentary from the good folk of the Internet Storm Centre here. ®

Free whitepaper – Avoiding costs from oversizing data center and network room infrastructure

Don’t Miss

Windows VistaWindows 95 to Windows 7: How Microsoft lost its vision

Comment Behind the taskbar

Ubuntu teaser Ubuntu's Karmic Koala bares fangs at Windows 7

Review Shuttleworthian scrap

AppleChange your views: OS X tags exploited

Mac Secrets Apple windows insider

JavaSun preps cell-phone Java plan for netbooks

OpenWorld 09 Modules not globules