Firefox Issues Eight Patches for Web Browser

Mozilla has issued eight patches for its Firefox Web browser, three of which fix problems classified as critical.

The patches come after security experts have recommended using a browser other than Microsoft's Internet Explorer 7 and older versions of IE due to a dangerous vulnerability. Microsoft is due to release an emergency patch for that problem Wednesday.

Two of the critical Firefox problems could allow an attacker execute a cross-site scripting attack, in which scripts or commands from one Web application that shouldn't run in another are successfully executed. The third problem relates to Firefox's browser engine, and could make it crash or possibly allow someone to remotely execute code on a PC, Mozilla said in its advisory.

Mozilla defines a critical vulnerability as one that could allow an attacker to run code on a machine in the course of normal Web browsing.

The patches are for Firefox version numbers 3.04 and 2.0.0.18. Mozilla has said this round of patches will be the last for Firefox 2, which it will now stop supporting. The update also removes the phishing filter in Firefox 2 because the browser uses an outdated version of a protocol used to import a blocklist of phishing sites supplied by Google. Firefox 2 users are being promoted to upgrade to Firefox 3.

Firefox's auto-update mechanism should automatically download these latest patches, and users will be prompted to restart the browser to complete the process.

Shop ▾
arrow up Amazon Shop buttons are programmatically attached to all reviews, regardless of products' final review scores. Our parent company, IDG, receives advertisement revenue for shopping activity generated by the links. Because the buttons are attached programmatically, they should not be interpreted as editorial endorsements.

Subscribe to the Best of PCWorld Newsletter

Comments