Firefox 3.5.8 Closes Security Holes

Mozilla yesterday released updates for its Firefox Web browser to shore up vulnerabilities in the 3.5.x and 3.0.x browser versions.

Three critical flaws (MSFA 2010-01, 2010-02 and 2010-03) all involve memory-related errors that could potentially allow an attacker to run any command on a victim PC. According to the advisories, the holes are already fixed in the recently released Firefox 3.6.

The patches also fix two other flaws that could lead to cross-site scripting attacks, but are only rated moderate (MSFA 2010-04 and 2010-05).

The updates are available for Windows, Mac and Linux, and will bump up the browser versions to 3.5.8 or 3.0.18. If you haven't already seen the automatic update pop-up, head to Help | Check for Updates to get the patch.

Shop ▾
arrow up Amazon Shop buttons are programmatically attached to all reviews, regardless of products' final review scores. Our parent company, IDG, receives advertisement revenue for shopping activity generated by the links. Because the buttons are attached programmatically, they should not be interpreted as editorial endorsements.

Subscribe to the Security Watch Newsletter