March 05, 2009, 10:08 AM — Mozilla Corp. today patched eight security vulnerabilities in Firefox, half of them critical memory corruption flaws in the browser's layout and JavaScript engines.
Firefox 3.0.7, the second security update this year to the open-source browser, fixes about the same number of bugs that Mozilla patched a month ago.
Of the eight vulnerabilities, six were rated "critical," one "high" and one "low" in Mozilla's four-step ranking system. The six critical bugs are in Firefox's garbage collection routine, in the PNG libraries used by the browser, and in the layout and JavaScript engines.
Mozilla was uncertain whether the four vulnerabilities patched in the layout and JavaScript engines could be exploited, but assumed as much. "Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code," the accompanying advisory read.
Other patches plug holes that could be used by hackers to steal private information and spoof URLs to trick users into thinking they're at a legitimate site.
Mozilla also addressed several non-security issues in Firefox 3.0.7, including unspecified stability problems, a bug that caused some browser cookies to mysteriously vanish, and a Mac-only flaw associated with the Flashblock add-on.
Mozilla Messaging Inc.'s Thunderbird e-mail client, which uses the Firefox rendering engine for JavaScript and other functionality, was not patched today, although six of the eight vulnerabilities also affect it. Until Thunderbird is updated with those fixes -- mid-month is the latest estimate for Thunderbird 2.0.0.21 -- users can protect themselves by disabling JavaScript, said Mozilla. By default, the e-mail application has JavaScript switched off.
The new version of Firefox can be downloaded for Windows, Mac OS X and Linux from the Mozilla site. Current users can also call up their browser's built-in updater, or wait for the automatic update notification, which typically pops up within 48 hours.
In other Firefox-related news, Mozilla today said that it would change the version number of the next major update from Firefox 3.1 -- the moniker used since May, when the company first announced the upgrade -- to Firefox 3.5.
The change, which had been suggested by several developers, will "indicate [the] increased scope" of the update, according to meeting notes posted online today.
Last week, one developer called on Mozilla to bump up the version number. "That way we would more clearly communicate to users that this isn't just a minor update but a major step forward," said Simon Paquet.
Mozilla also modified the schedule for Firefox 3.1 Beta 3 -- it is too late in the process to change the beta to 3.5 -- today, pushing back the ship date for the oft-delayed preview from an earlier estimate of March 10 to March 12.
Firefox holds a 22% market share, according to browser data from Web metrics company Net Applications Inc.
