Original URL: https://www.theregister.com/2008/12/17/mozilla_3_0_5_and_2_0_0_1_9_updates/

Mozilla hastily shoves Firefox updates out door

Versions 2 and 3 get even patchier

By Kelly Fiveash

Posted in Channel, 17th December 2008 15:20 GMT

Mozilla has rushed out updates to plug a few critical holes in versions 2 and 3 of its popular open source Firefox browser.

Firefox 3.0.5 fixes three critical security flaws in the browser, while 2.0.0.19 stitches four critical vulns.

Mozilla said that XSS vulnerabilities in SessionStore, XSS and so-called JavaScript “privilege escalation” and crashes that could cause memory corruption have been repaired in Firefox 3.0.5.

The bugs in the browser could have been “used to run attacker code and install software, requiring no user interaction beyond normal browsing,” said Mozilla.

It also once again urged users to upgrade from Firefox 2.0 because version 2.0.0.19 is the final release of updates for the browser.

The company “is not planning any further security and stability updates for Firefox 2, and recommends that you upgrade to Firefox 3 as soon as possible”.

It added that Mozilla’s “Phishing Protection” service would no longer be available in Firefox 2. In other words, it won’t be supporting the browser against future online scams and attacks.

Mozilla’s security updates today follow on from Microsoft having to push out an emergency security patch for Internet Explorer on Wednesday, addressing a critical security hole currently being exploited in the wild.

The latest zero-day vulnerability stems from data binding bugs that allows hackers access to a computer's memory space, allowing attackers to remotely execute malicious code as IE crashes, said a red-faced Microsoft yesterday. ®