WatchGuard Wire
Improve Your Security IQ
Firefox 3.0.10 fixes bugs introduced in 3.0.9
28 April 09 -- Just a week or so ago, I posted an alert (subscription required) warning Firefox users to upgrade to 3.0.9 in order to fix a dozen security vulnerabilities. Just yesterday, Mozilla released Firefox 3.0.10. Why a new release so soon? Well, one of their "fixes" actually introduced new problems.
During regression testing, Mozilla discovered a new crash bug in 3.0.9. A fix they applied to a non-security related bug has introduced a new memory corruption vulnerability, which could have security implications. The bug seems to only affect Windows users, and could cause Firefox to crash frequently. Furthermore, if the flaw is anything like past memory corruption vulnerabilities, an attacker could potentially exploit it to execute code on your computer, with your privileges.
If Firefox hasn't already automatically downloaded and installed 3.0.10 for you, I recommend you install it as soon as you can. -- Corey Nachreiner, CISSP
Copyright© 2009 WatchGuard® Technologies, Inc. You may copy and distribute this article freely in any medium as long as you copy and distribute the entire article without change and preserve this copyright statement and notice.
|
