Original URL: http://www.theregister.co.uk/2009/10/28/firefox_3_5_4/

Firefox 3.5.4 fixes critical memory flaws

Vulns found all alone in moonlight

By Kelly Fiveash

Posted in Applications, 28th October 2009 15:48 GMT

Mozilla trotted out Firefox 3.5.4 yesterday, which patches 16 vulns - 11 of which were critical bugs.

The browser maker said the 11 critical vulnerabilities were found in a number of components such as the JavaScript and browser engines, the GIF color map parser, the strings-to-number converter, three third party media libraries and web worker calls.

"Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code," said Mozilla.

The open source outfit had been expected to release Firefox 3.5.4 on 21 October, after shooting out a release candidate version of the update early last month.

Meanwhile, a beta of the next iteration of Mozilla's popular browser - Firefox 3.6 - might be squirted out later today.

Mozilla has already pushed the release of that version back several times, however.

Get your hands on the update here.®