Mozilla issues two critical security advisories to 3.0 to 3.0.1

knguyen · 07-18-2008, 04:49 PM

The recent and awesome Firefox 3.0 release needs to be updated.

MOZILLA FIREFOX versions 2.X and 3.0, as well as other Mozilla software products, are named in two critical security advisories issued Wednesday.

Mozilla Foundation Security Advisory 2008-34 applies to both Firefox versions plus Thunderbird and Seamonkey.

Mozilla Foundation Security Advisory 2008-35 applies to both Firefox versions.

Note:
Automatic updates are disabled in Firefox 3.0, so users must download and install the updated Firefox 3.0.1 manually.

EDIT:
3.01, Three fixed critical bugs. Critical defined and bugs fixed below.
Critical: Vulnerability can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.
MFSA 2008-36 Crash with malformed GIF file on Mac OS X
MFSA 2008-35 Command-line URLs launch multiple tabs when Firefox not running
MFSA 2008-34 Remote code execution by overflowing CSS reference counter
Source: Security Advisories for Firefox 3.0

Also for further information:
Mozilla Firefox 3.0.1 Release Notes

mparkhurst · 07-21-2008, 01:11 PM

Please post links to any security advisories posted here.

Also, please give a brief description of why the advisory is important/critical.

07-18-2008, 04:49 PM	#1 (permalink)
knguyen Junior Member Join Date: Jun 2008 Location: San Diego, CA Posts: 15	Mozilla issues two critical security advisories to 3.0 to 3.0.1 The recent and awesome Firefox 3.0 release needs to be updated. MOZILLA FIREFOX versions 2.X and 3.0, as well as other Mozilla software products, are named in two critical security advisories issued Wednesday. Mozilla Foundation Security Advisory 2008-34 applies to both Firefox versions plus Thunderbird and Seamonkey. Mozilla Foundation Security Advisory 2008-35 applies to both Firefox versions. Note: Automatic updates are disabled in Firefox 3.0, so users must download and install the updated Firefox 3.0.1 manually. EDIT: 3.01, Three fixed critical bugs. Critical defined and bugs fixed below. Critical: Vulnerability can be used to run attacker code and install software, requiring no user interaction beyond normal browsing. MFSA 2008-36 Crash with malformed GIF file on Mac OS X MFSA 2008-35 Command-line URLs launch multiple tabs when Firefox not running MFSA 2008-34 Remote code execution by overflowing CSS reference counter Source: Security Advisories for Firefox 3.0 Also for further information: Mozilla Firefox 3.0.1 Release Notes Last edited by knguyen; 07-21-2008 at 01:22 PM.

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

07-21-2008, 01:11 PM	#2 (permalink)
mparkhurst Systems Administrator Join Date: May 2008 Posts: 14	Please post links to any security advisories posted here. Also, please give a brief description of why the advisory is important/critical.