Mozilla Issues Critical Patches For Firefox Browser

Mozilla Foundation, the organisation behind the popular open source Firefox web browser, has dished out security patches for its browser that cater for five critical vulnerabilities in the older versions of the web browser; the latest version of Firefox, version 3.6, already comes with these patches.

According to an advisory statement released by Mozilla, Firefox 3.5.8 and Firefox 3.0.18 web browsers are crippled by three critical vulnerabilities that affect the browsers' Gecko rendering engines and the HTML parsers.

Also under scrutiny are their implementations of Web Worker, a sophisticated scripting functionality that allows site developers to shift JavaScript computations to a background thread in order to reduce the performance hit on Firefox's user interface.

In the advisory, Mozilla warned that the three critical vulnerabilities can be severely exploited by hackers wishing to inject dangerous malware into computer systems.

Explaining the nature of the vulnerabilities, Mozilla said in the advisory that “Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.”

The other two security flaws, which are tagged as 'moderate' by Mozilla, were said to be vulnerable to cross-scripting malware attacks.

Our Comments

Interestingly, one of the vulnerabilities was reported by rival Microsoft, which had recently reported a critical flaw in the Adobe Flash as well. Microsoft has become well skilled at finding vulnerabilities in the applications of other companies.

Related Links

Mozilla patches critical Firefox bugs

(Computer Weekly)

Mozilla patches up FireFox

(Tech Eye)

Multi-browser use 'will become common'

(BCS)

Where does Mozilla go when the monopoly witch is dead?

(The Register)