Mozilla fixes 16 flaws with Firefox 3.5.4.Byline: jeevan@cpidubai.com (Staff) Mozilla patched 16 vulnerabilities in Firefox, 11 of them critical, as it updated the open-source browser to version 3.5.4. <p>The 11 critical Firefox 3.5 vulnerabilities were located in a variety of components, including Web worker calls, the GIF GIF in full Graphics Interchange Format Standard computer file format for graphic images. GIF files use data compression to reduce the file size. The original version of the format was developed by CompuServe in 1987. color map See color palette. parser A routine that analyzes a continuous flow of text-based input and breaks it into its constituent parts. See parse. (language) parser - An algorithm or program to determine the syntactic structure of a sentence or string of symbols in some language. , the string-to-number converter (1) A device that changes one set of codes, modes, sequences or frequencies to a different set. See A/D converter. (2) A device that changes current from 60Hz to 50Hz and vice versa. , a trio of third-party media libraries, and both the JavaScript and browser engines.<p>"Some of these crashes showed evidence of memory corruption Memory corruption happens when content of a memory location are unintentionally modified due to programming errors. When the corrupted memory contents are used later in the computer program, it leads either to program crash or to strange and bizarre program behavior. under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code In computer security, arbitrary code is executable code introduced externally that runs despite the intent of the original programmer. The code is injected into a currently-running application or its memory space, thus making the application execute the code. ," Mozilla said in some of the advisories outlining the most serious flaws.<p>Firefox 3.0, which was first released in the summer of 2008 and will be retired from security support in January 2010, was also updated today with the release of version 3.0.15. The older browser received nine patches, four marked critical. <p>The disparity dis·par·i·ty n. pl. dis·par·i·ties 1. The condition or fact of being unequal, as in age, rank, or degree; difference: "narrow the economic disparities among regions and industries" between the two versions' patch counts was due to several that affected only the newer Firefox 3.5, including the three critical bugs outlined in MFSA-2009-63 that required upgrades of the "liboggz," "libvorbis," and "liboggplay" open-source media libraries.<p>Three of the four vulnerabilities spelled out in MFSA-2009-64 generate browser crashes, while the last affects the TraceMonkey JavaScript engine A JavaScript engine (also known as JavaScript interpreter or JavaScript implementation) is an interpreter that interpretes JavaScript source code and executes the script accordingly. that debuted in Firefox 3.5. Mozilla recommended users disable To turn off; deactivate. See disabled. JavaScript in Firefox if they were unable or unwilling to patch the browser. Only one of the four engine crashes impacts Firefox 3.0.<p>Mozilla rated three of the 16 vulnerabilities as "moderate," the second-from-the-bottom ranking in its four-step system, and two as "low," its least serious rating.<p>Tuesday's updates came just a day before Mozilla is slated to release the first beta of Firefox 3.6, a minor update currently set to ship before the end of the year. At one point, Mozilla was hoping to unveil Firefox 3.6 Beta on Oct. 13, but several bugs delayed the preview.<p>Firefox 3.6 will be the first of two so-called "minor" upgrades that Mozilla intends to produce between now and the middle of 2010. Last month, Mozilla switched to a quicker-paced development cycle to bring new features or under-the-hood improvements to users faster, and to stay competitive in the again-aggressive browser market.<p>Mozilla is still hammering out how it will offer users Firefox 3.6 when it ships in final form. Some, including Firefox director Mike Beltzner, lean toward a security update-like mechanism, while others have argued for something more explicit, akin to the "major upgrade" invitations that Mozilla presents users of older editions from time to time.<p>"As proposed earlier in the summer, Firefox 3.6 will be primarily a release with security, stability, speed and capability enhancements, with no visible user interface changes over Firefox 3.5," Beltzner wrote in an Oct. 15 message to the "mozilla.dev.planning" forum. "As such, I think we should consider it as a candidate for a minor update, stretching our definition of what types of updates we can provide using that mechanism."<p>Web measurement company Net Applications says Firefox accounted for nearly 24% of the global browser market last month.<p>Firefox 3.5.4 and 3.0.15 will be available for Windows, Mac OS X and Linux directly from the Mozilla site when they're posted in the next few hours. <p>Current Firefox users, however, will be able to call up the browsers' update tools, or wait for automatic update notifications to appear in the next 48 hours. <p>Copyright 2009 IDG IDG International Data Group IDG Integrated Drive Generator IDG Installation Design Guide IDG Internet Discussion Group IDG Inset Dielectric Guide IDG International Dangerous Goods (mail, shipping) Middle East. All rights reserved. Provided by Syndigate.info an Albawaba.com company |
|
||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion