
SANS ISC: Firefox Releases 3.0.1 and fixes 3 security vulnerabilities - SANS Internet Storm Center SANS ISC InfoSec Forums

Firefox Releases 3.0.1 and fixes 3 security vulnerabilities

A security advisory released yesterday by Mozilla fixes the following issues and more:

MFSA 2008-36 Crash with malformed GIF file on Mac OS X. A specially crafted GIF file caused the browser to free an uninitialized pointer. This can crash the browser and allow arbitrary code execution on the victim’s computer.
MFSA 2008-35 Command-line URLs launch multiple tabs when Firefox not running. Now this one had an easy workaround… Just always run Firefox!
MFSA 2008-34 Remote code execution by overflowing CSS reference counter. This vulnerability affects the CSSValue array data structure.

In addition to the security fixes, this version includes some stability fixes, a fix for a phishing and malware database issue, and an updated Public Suffix list.
Update: The new version isn't compatible with the SnagIt plugin.


Mari Nichols

Jul 17th 2008
