Mozilla fixes 16 flaws with Firefox 3.5.4

October 28, 2009 – 5:48 AM

Mozilla today patched 16 vulnerabilities in Firefox, 11 of them critical, as it updated the open-source browser to version 3.5.4.

The 11 critical Firefox 3.5 vulnerabilities were located in a variety of components, including Web worker calls, the GIF color map parser, the string-to-number converter, a trio of third-party media libraries, and both the JavaScript and browser engines.

“Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code,” Mozilla said in some of the advisories outlining the most serious flaws.

Firefox 3.0, which was first released in the summer of 2008 and will be retired from security support in January 2010, was also updated today with the release of version 3.0.15. The older browser received nine patches, four marked critical.


You must be logged in to post a comment.