Feeds

Firefox update plugs three critical flaws

Version 3.5.6 will patch your quilt

5 things you didn’t know about cloud backup

Mozilla has pushed out a cross-platform update for Firefox that fixes multiple security flaws.

Firefox 3.5.6 lances three critical vulns in the open source browser software. They include memory problems involving the liboggplay media library, an integer overflow crash bug in the libtheora video library, and a separate memory corruption flaw. All three of the critical vulns create a possible mechanism for hackers to inject hostile code onto vulnerable systems, via drive-by download attacks or similar malign trickery.

The update, published on Tuesday, also tackles a variety of lesser vulnerabilities that (at worst) create a means to crash vulnerable systems. Firefox 3.5.6 also tackles stability bugs and tweaks features, as explained in Mozilla's release notes here.

Firefox 3.0.16 tackles similar flaws for users still using the 3.0.X version of the browser. 3.0.16 is needed to tackle one critical flaw in previous versions of the software, which compares to the three critical nasties lanced with 3.5.6.

As usual, Firefox bugs mean users of the corresponding version of Mozilla SeaMonkey application suite, version 2.0.1, also need to apply patches.

More ruminations on the possible consequence of leaving the flaws unfixed can be found a security advisory by Secunia here. ®

Boost IT visibility and business value

More from The Register

next story
The Return of BSOD: Does ANYONE trust Microsoft patches?
Sysadmins, you're either fighting fires or seen as incompetents now
Linux turns 23 and Linus Torvalds celebrates as only he can
No, not with swearing, but by controlling the release cycle
Why has the web gone to hell? Market chaos and HUMAN NATURE
Tim Berners-Lee isn't happy, but we should be
China hopes home-grown OS will oust Microsoft
Doesn't much like Apple or Google, either
Apple promises to lift Curse of the Drained iPhone 5 Battery
Have you tried turning it off and...? Never mind, here's a replacement
Sin COS to tan Windows? Chinese operating system to debut in autumn – report
Development alliance working on desktop, mobe software
Eat up Martha! Microsoft slings handwriting recog into OneNote on Android
Freehand input on non-Windows kit for the first time
Linux kernel devs made to finger their dongles before contributing code
Two-factor auth enabled for Kernel.org repositories
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Scale data protection with your virtual environment
To scale at the rate of virtualization growth, data protection solutions need to adopt new capabilities and simplify current features.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?