New Firefox release
Mozilla has released a new version of the Firefox browser to fix a number of security risks, including two critical issues.
Version 3.0.2 of the browser fixes five security issues including two critical, two moderate, and one minor risk.
Critical issues are those that "can be used to run attacker code and install software, requiring no user interaction beyond normal browsing".
One of the critical issues allows an attacker to escalate their privileges using the XPCNativeWrapper. The other led to regular crashes that could result in memory corruption.
All told, the five fixes in this release address vulnerabilities that include arbitrary code execution, cross-site scripting, privilege escalation, information disclosure, and denial of service.
Version 3.0.2 of the Firefox browser can be downloaded from the www.firefox.com website.
Update
Mozilla today issued a second bugfix release of its Firefox browser to fix a problem caused by the last bugfix release.
Version 3.0.2 of the Firefox browser, which fixed a number of security bugs including two critical ones, itself has a problem. That version has a glitch that prevents access to saved passwords when the Web address, the login or the password itself contains international characters.
Mike Beltzner, in a post to the Mozilla development planning group, said that:
“Shortly after releasing Firefox 3.0.2 our QA and Support teams began seeing reports of problems certain users were having with the Firefox Password Manager. This was being caused by non-ASCII data (in domains, logins or passwords) saved as something other than UTF-8 failing to convert back to Unicode (see bug 454708) which was a regression from a fix to make the Password Manager work on IDN sites with characters over U+0100.”