Original URL: https://www.theregister.com/2010/02/18/firefox_update/

Firefox update takes down three critical flaws

Hotchpotch patch pitch

By John Leyden

Posted in Software, 18th February 2010 16:23 GMT

Mozilla pushed out a new version of Firefox on Wednesday that fixes five browser bugs, three of which present a critical risk of hacker attack.

Firefox 3.5.8 tackles a memory corruption flaw, a heap corruption vulnerability and a flaw in the open-source browser's HTML parser technology. All three of these security bugs create a possible mechanism for hackers to inject hostile code onto vulnerable systems.

The cross-platform update includes stability and performance tweaks, as explained in Mozilla's release notes here.

Mozilla's SeaMonkey web application suite comes bundled with Firefox and therefore also needs updating, to version 2.0.3, to protect against the same flaws as explained here.

Users lagging behind with their open source browser software and still using 3.0.x releases are not spared patching detail and also need to upgrade, to Firefox version 3.0.18. Mozilla doesn't provide a handy list for the security fixes in Firefox 3.0.18 apart from saying the release deals with "several", possibly different, security bugs. ®