Tag Archives: firefox

Fixed in Firefox 3.5.2 (security issues)

We strongly recommend the update to Firefox 3.5.2
Firefox 3.5.2 fixes security issues found in Firefox 3.5.1 (2 Critical, 1 Moderate, 1 Low):

MFSA 2009-46 Chrome privilege escalation due to incorrectly cached wrapper
MFSA 2009-45 Crashes with evidence of memory corruption (rv:1.9.1.2/1.9.0.13)
MFSA 2009-44 Location bar and SSL indicator spoofing via window.open() on invalid URL
MFSA 2009-38 Data corruption with SOCKS5 reply containing DNS name longer than 15 characters

Fixed in Firefox 3.0.12 (security issues)

We strongly recommend the update to Firefox 3.0.12 or Firefox 3.5.1 .
Firefox 3.0.12 fixes several security issues found in Firefox 3.0.11 (5 Critical, 1 High):

Fixed in Firefox 3.0.12 :

MFSA 2009-40 Multiple cross origin wrapper bypasses
MFSA 2009-39 setTimeout loses XPCNativeWrappers
MFSA 2009-37 Crash and remote code execution using watch and __defineSetter__ on SVG element
MFSA 2009-36 Heap/integer overflows in font glyph rendering libraries
MFSA 2009-35 Crash and remote code execution during Flash player unloading
MFSA 2009-34 Crashes with evidence of memory corruption (rv:1.9.1/1.9.0.12)

Fixed in Firefox 3.0.11 (several security issues)

We strongly recommend the update to Firefox 3.0.11.

Firefox 3.0.11 fixes several security issues found in Firefox 3.0.10 (4 Critical, 1 High, 2 Moderate, 2 Low):

MFSA 2009-32 JavaScript chrome privilege escalation
MFSA 2009-31 XUL scripts bypass content-policy checks
MFSA 2009-30 Incorrect principal set for file: resources loaded via location bar
MFSA 2009-29 Arbitrary code execution using event listeners attached to an element whose owner document is null
MFSA 2009-28 Race condition while accessing the private data of a NPObject JS wrapper class object
MFSA 2009-27 SSL tampering via non-200 responses to proxy CONNECT requests
MFSA 2009-26 Arbitrary domain cookie access by local file: resources
MFSA 2009-25 URL spoofing with invalid unicode characters
MFSA 2009-24 Crashes with evidence of memory corruption (rv:1.9.0.11)

The sooner… the safer!