Mozilla has released a new version of its Firefox software designed to fix several stability bugs in the browser engine, some of which showed evidence of memory corruption and could potentially be exploited to run arbitrary code. Of the nine flaws fixed in Firefox 3.0.11, four were rated critical, one high, two moderate and two low in Mozilla’s four-step system.
One of the critical issues addressed centers on a vulnerability that allows JavaScript from a page's content to run with elevated privileges, while another involved a condition that resulted when navigating away from a web page during the loading of a Java applet. This could have resulted in freed memory that an attacker could write to before it is reused, and then run arbitrary code on the victim’s computer.
In addition to the security fixes, the Firefox developers updated the version of SQLite used within the browser to remove errors that could destroy the bookmark database. As usual, the update will be pushed directly to Firefox users. You can also get Firefox 3.0.11 here and read the detailed security notices at Mozilla’s website.
https://www.techspot.com/news/35078-mozilla-patches-9-firefox-bugs-four-critical.html
