Mozilla Releases Urgent Firefox 3.05 Security Update

Mozilla has come up with a security update, fixing a range of security and stability issues in Firefox browser, with three of the released updates tagged as ‘critical’, while one is rated as ‘high’.

The new update, dubbed as “Firefox 3.05”, plugs as many as eight security holes, along with addition of some new languages, including Bengali, Hindi, Latvian, Galician, and Esperanto.

One of the critical patches addresses cross-site scripting (CSS) flaws in SessionStore, which reloads the web pages of previous session, and is primarily used by attackers to steal crucial financial information, and other sensitive data, while users are running SessionStore.

Another critical vulnerability addressed by the patch is associated with XBL binding, which could be exploited by hackers to execute JavaScript randomly, when the XBL binding is linked to an unloaded web-page.

Moreover, Mozilla’s update also offered umbrella fix for a number of crucial memory corruption malfunctions in the Firefox engine, along with several other Mozilla products, which could enable hackers to carry out remote execution of malicious codes on victim’s computers.

The patch which is rated ‘high’ by Mozilla plugged the security hole that enabled hackers to direct users to malicious websites, so as to launch cross-domain attacks for stealing victims’ sensitive information.

Interestingly, Mozilla seems a bit concerned about the users’ rights, as it has replaced its erstwhile End User License Agreement (EULA) with a new info bar tagged as “Know Your Rights”, which automatically appears when the web-browser is first installed.

Go To Page 2 for our comments and more related links

Our Comments

Internet Browsers are in the limelight for all the bad reasons. Like Internet Explorer, Firefox is not immune from Vulnerabilities and Mozilla's hit squad has managed to act quickly to make sure that the patch to solve any existing flaw is quickly delivered. Job done

Related Links

Firefox 3.0.5 Update

(Firefox)

Mozilla Firefox 3.05 Updates User Rights

(Information Week)

Firefox security updates ready for download

(Ars Technica)

Mozilla Fixes Security Bugs In Firefox Browser

(Channel Web)

Mozilla releases eight patches for Firefox browser

(TG Daily)

Mozilla plugs 13 holes in Firefox, retires older 2.0 browser

(Macworld)

Mozilla hastily shoves Firefox updates out door

(Channel Register)

Mozilla releases Firefox 3.0.5, kills Firefox 2.x

(Internetnews)

Firefox issues eight patches for Web browser

(Network World)