Crash in nsTextFrame::ClearTextRun() – Firefox 3.0.9

Mozilla Foundation Security Advisory 2009-23

Title: Crash in nsTextFrame::ClearTextRun()
Impact: Critical
Announced: April 27, 2009
Reporter: Marc Gueury, Daniel Veditz
Fixed in: Firefox 3.0.10

One of the security fixes in Firefox 3.0.9 introduced a regression that caused some users to experience frequent crashes. Users of the HTML Validator add-on were particularly affected, but other users also experienced this crash in some situations. In analyzing this crash we discovered that it was due to memory corruption similar to cases that have been identified as security vulnerabilities in the past. […]

Read More…

Firefox 3.0.9 fixes several security and stability issues

Firefox 3.0.9 fixes several security and stability issues found in Firefox 3.0.8

Fixed in Firefox 3.0.9
MFSA 2009-22 Firefox allows Refresh header to redirect to javascript: URIs
MFSA 2009-21 POST data sent to wrong site when saving web page with embedded frame
MFSA 2009-20 Malicious search plugins can inject code into arbitrary sites
MFSA 2009-19 Same-origin violations in XMLHttpRequest and XPCNativeWrapper.toString
MFSA 2009-18 XSS hazard using third-party stylesheets and XBL bindings
MFSA 2009-17 Same-origin violations when Adobe Flash loaded via view-source: scheme
MFSA 2009-16 jar: scheme ignores the content-disposition: header on the inner URI
MFSA 2009-15 URL spoofing with box drawing character
MFSA 2009-14 Crashes with evidence of memory corruption (rv:

Download Firefox 3.0.9 […]

Read More…