Firefox Issues Version 3.0.9 with 12 Security Fixes

Mozilla, on April 21, 2009, released yet another security update for its widely used open-source web browser Firefox. The new version 3.0.9 concentrates on fixing a total of twelve security vulnerabilities that affect the program variously. These vulnerabilities that have been patched, include 4 rated as "critical," 2 as "high," 2 as "moderate" and 4 as "low" according to Mozilla's four-stage ranking arrangement.

Furthermore, among the 4 critical flaws, two reside within Firefox's browser engine and the remaining two, within its JavaScript engine. States a security advisory from Mozilla that some of the flaws demonstrate memory corruption in particular conditions, and as per Firefox's presumption, it is possible to exploit at least a few of these to execute arbitrary code.

In addition, the new update has other patches that helps to disallow malicious search plug-ins to divert users onto malevolent websites. They also do not allow attackers to use Adobe Flash for "cross site request forgery" (XSRF) assaults or to clandestinely install cookie-like components on a user's system to track the end-user's web movements. In simple words, these patches help users from being taken to websites that could download malware as well as from getting their computers compromised.

Thus, Firefox strongly recommends that users download and run the new version at the earliest in addition to saying that those who are already using Firefox 3.0 would get a notification for self-acting updates within 24-48 hours.

In the meantime, the April 21, 2009 update, which is the 3rd one during the year, comes after four weeks since Mozilla issued an emergency fix to close a hole that a college student from Germany exploited at the Pwn2Own hacking competition to earn $5,000.

Also, with Firefox already releasing its 3rd batch of security updates through version 3.0.9 in 2009, security experts are questioning the market reputation of the company. And as Firefox attempts to handle these experts' allegations, its other rivals simply are winning an advantage. In fact, the other releases and updates of Firefox are also held up because of this that has affected most adversely users' operations along with their security.

Related article: Firefox Gets Vulnerable With JavaScript

» SPAMfighter News - 5/2/2009