Mozilla Fixes Security Bugs In Firefox Browser
7:44 PM EST Wed. Dec. 17, 2008
The latest version of Firefox, 3.0.5, repaired a multitude of glitches that could enable remote hackers to execute malicious code that would shut down a vulnerable system or infiltrate a victim's computer and steal information.
One of the most serious vulnerabilities repaired by the update enabled attackers to inject malicious URLs into the session restore feature of the browser. The flaw could be used to violate the same origin policy and launch a cross-site scripting attack, which is often used by hackers to steal financial, identifying and other sensitive information while victims are running SessionStore.
In addition, Mozilla's update provided an umbrella fix for several critical memory corruption glitches in the Firefox engine, as well as other Mozilla-based products, which allowed attackers to crash vulnerable systems or execute malicious code if exploited.
Meanwhile, the latest Mozilla security bulletin also repaired a total of 10 errors in Firefox 2, eight shared with version 3.0.5, updating the older version to 220.127.116.11.
Mozilla said that the security update was the final one before it officially retires version 2.0. Samuel Sidler, a Mozilla engineer, said on the Mozilla.dev.planning forum that the company was not planning to release any further security updates for Firefox 2, while mentioning that the Phishing Protection service, which protects users from fraud and other malicious attacks, will no longer be available for the older version of the browser. Sidler said that the company recommended that users upgrade to Firefox 3 "as soon as possible."
"It's free, and your settings and bookmarks will be preserved," he said.