Firefox 3.0.10 patches *UPDATE*
The Mozilla developers have announced the release of version 3.0.9 of their open source Firefox browser, patching several vulnerabilities. The security and stability release addresses several vulnerabilities and contains several bug fixes.
A total of four critical vulnerabilities in the browser engine used by Firefox and other Mozilla products, such as the Thunderbird email client, have been patched that could have allowed an attacker to inject and run arbitrary code. Version 2.0.22 of Thunderbird should be released shortly and will address the same vulnerabilities. Two high risk vulnerabilities related to cross site scripting (XSS) attacks and content injection attacks have been fixed in the Firefox release, as they violated the same origin policy. A total of six moderate to low vulnerabilities were also patched.
Mozilla notes that Firefox 2.0.0.x releases are no longer supported and also contain several known security vulnerabilities which will not be patched. Mozilla strongly advises that all Firefox users upgrade to the latest release.
More details about the release can be found in the release notes. Firefox 3.0.10 is available to download, or Firefox users can use the Firefox update service by selecting Help, then Check For Updates.
- Firefox: most vulnerabilities, but quickly patched, a report from The H Security.
- The right way to handle encryption with Firefox 3, a feature from The H Security.