Mozilla has released an updated 3.0.8 version of their flagship Firefox browser addressing two security holes rated as critical. The release came a bit earlier than expected, as the company rushed to fix not only the vulnerability used by security researcher “Nils” to win the Pwn2Own contest little over a week ago
, but also a separate zero-day flaw disclosed last week on a public exploit site.
The first vulnerability involves Mozilla’s XML user interface markup language, XUL, while the second one relates to a problem with the XSL stylesheet that could be used to crash the browser during a XSL transformation. Both of these bugs could be triggered by tricking a victim into viewing a maliciously coded webpage, which would then allow an attacker to install and run unauthorized code on a victim’s computer. You can read more about this update in the official release notes
or download Firefox 3.0.8 here