Firefox 3.0.4 closes nine security holesNovember 13, 2008 – 9:13 AM
The Mozilla Foundation has released Firefox version 3.0.4 to close nine security holes. The developers rated four of the holes as critical because they allow attackers to execute arbitrary code on the victim’s system. One of the critical holes is a classical buffer overflow that can be triggered via specially crafted server responses.
Two additional critical holes were closed in Firefox 220.127.116.11 and SeaMonkey 1.1.13. While both vulnerabilities are caused by memory corruptions and mainly lead to program crashes, the developers didn’t rule out that they could be exploited to infect systems. Specially crafted Shockwave and other files could corrupt the Flash player plug-in but give the browser continued access to the now essentially unmapped memory area.