Mozilla patched 13 Firefox security bugs
December 11, 2010 by Network Security
Filed under News, Software patches
Of the thirteen bugs, eleven were marked as “critical”, as those bugs would allow hackers to easily hijack a system or infect it with malware. The other two vulnerabilities were labeled “high” and “moderate”. Mozilla delivered the patches in Firefox 3.6.13 and Firefox 3.5.16; it continues to provide security updates for Firefox 3.5.
Until now, Mozilla has supported older versions of its browser for about six months after the release of the newer version; if it had continued that practice with Firefox 3.5, Mozilla would have retired the browser in the summer of 2010 (July), six months after the release of Firefox 3.6.
One of the 13 patches is another crack at a flaw in Firefox that was exposed by Firebug, the popular Web development and debugging add-on. The flaw was first patched in March, when Mozilla said it did not affect Firefox 3.6, but on Thursday the fix had to be repeated because the researcher who originally reported the flaw found that the fix could be sidestepped.
The new patch is good for both Firefox 3.5 and 3.6, Mozilla stated.
Like Google when it patches Chrome, Mozilla temporarily bars public access to technical details of the critical vulnerabilities it patches until most users have been notified of the update. The company’s Bugzilla change-tracking and bug-filing database, for example, lets anyone see the listings for the two non-critical vulnerabilities in yesterday’s update, but blocks access to the 11 critical flaws.
Other patches addressed browser engine memory bugs, buffer and integer overflows, and a location bar SSL spoofing flaw. The update also fixed 70 non-security flaws, including several stability bugs that Mozilla tracked through user-submitted crash reports.
The next major upgrade, Firefox 4, was to reach Beta 8 on Nov. 30 (later pushed back to Dec. 9) but has been delayed again, according to notes on Mozilla’s site. It now won’t appear before Dec. 16. In October, Mozilla acknowledged that it could not keep to its original development schedule and announced that Firefox 4 would not launch until early 2011.
Firefox has been steadily losing usage share as measured by Web metrics company Net Applications. Last month, the browser’s global share slipped to 22.8%, its lowest mark since August 2009.
Users can update to Firefox 3.6.13 by downloading the new edition or by selecting “Check for Updates” from the Help menu in the browser. Firefox 3.5 users can get version 3.5.16 using the update tool.



