Firefox 3.0.7 targets security issues

Mozilla on Wednesday released an update to the Firefox Web browser that its developers said fixes eight security issues found in Firefox 3.0.6, six of which were rated critical.

The most serious of the vulnerabilities fixed in version 3.0.7 for Windows, Mac, and Linux could allow attackers to run arbitrary code on a victim's computer, Mozilla warned in security advisories Wednesday.

The six critical flaws affect the browser's garbage collection--which monitors how Firefox modules use the computer's memory--as well as the browser's PNG libraries and in the layout and JavaScript engines.

Mozilla developers said they weren't sure the layout and JavaScript flaws could be exploited.

"Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code," Mozilla said in an advisory.

Updates for Windows, Mac OS X, and Linux are available at the Mozilla site. Firefox 3 users will receive an update notification within 48 hours, or they can download the update manually by selecting "Check for Updates" from the Help menu.

The update--Mozilla's second this year--comes as Firefox continues to chip away at Internet Explorer's market dominance. Mozilla now has 21.77 percent of the global browser market share, compared with IE's 67.44 percent, a drop of more than 7 percentage points in a year, according to figures from Web metrics company Net Applications.

[akcname]

Your link for Mac version of Firefox 3.0.7 downloads an installer that says it is in English, but the version installed is some sort of Eastern European language. Fortunately I had a backup of 3.0.6 so I could replace it. Trying to find v. 3.0.7 on the firefox website also links to a server that is in another language than English.

[texaslabrat]

or, you could select "check for updates" from the "help" menu of firefox....

[goodspeed8701]

I still use IE 8 and the IE 8rc is sweet not fast in the socalled java test that i found useless but it works like a benz

[ittesi259]

And a Benz is nice, even if they have a long standing history of requiring service often....

[Sausagebiscuit]

This really is not even worth replying to, ittesi259. At least you made a point, and most people could comprehend your point, unlike the original poster who just jumbles words together and got lucky.

Basic comprehension goes a long way when making a statement. It doesn't have to be perfect, but at least readable.

[Dalkorian]

"Fat, drunk and stupid is no way to go through life, son."

[ducttape36]

anyone read this post article from the washington post blogger brian krebs?
http://voices.washingtonpost.com/securityfix/2009/03/fanning_the_flames_of_the_brow.html
turns out firefox has more security flaws disclosed last year than any other browser. more than four times than IE. i found that very surprising. although i think the flaws for IE were much more serious and microsoft took way longer to patch them than mozilla. worth a read though if anyone hasnt already.

[goodspeed8701]

Yeah i know thats why i use IE

[ittesi259]

Makes me wonder if there are unpatched flaws in IE because they aren't public knowledge. Remember MS usually finds out about stuff because other security firms publish it. Well maybe they know they just do nothing with it. 18 months for some updates AFTER notification. Mozilla finds their problems and fixes them. They don't even know if its possible to execute remote code via these issues but patch it anyway.

[zizzybaloobah]

And yet the machines I have to repeatedly fix for neighbors, friends, and relatives are the ones where they use IE rather than Firefox or some other browser. I'm not concerned about flaws that are found and fixed. It's the ones that found and not fixed, or haven't been publicly disclosed that cause concern.

[thomshouse]

This means nothing when you are comparing a product whose entire development process is open by nature, to a product whose development is shrouded in secrecy.

Firefox had more disclosed bugs because there were more people seeing, looking at & improving on the code. Because IE is closed-source, Microsoft is probably ignorant to most bugs until they are exploited, and may very well sit on some bugs until they are exploited, because it isn't cost-effective to patch old code unnecessarily.

Ask 100 Firefox users and 100 IE users how often they get hit by bugs & spyware. Ask 100 Firefox advocates whether their tech-ignorant relatives have gotten more or fewer viruses after being switched to Firefox. That'll give you a better idea as to which browser is more secure.

[codynews]

What's the deal with browsers and security issues? Lame.

[Sausagebiscuit]

Must have something to do with software never being perfect, or something like that I hear. Who knows. Lame.

[sparrowhyperion]

Keep a few things in mind.

1. As posted in an earlier comment... Microsoft has fewer security flaws DISCLOSED. This says nothing about the ones they probably aren't disclosing.

2. The developers over at Mozilla patch a problem as quickly as possible, especially security issues. Whereas Mickeysloth tries to stick to their rigid patching cycle and only puts out an out of cycle patch if they start receiving a few hundred thousand complaint emails.

There are many more reasons to worry more about flaws with Mickey Sloth, but my carpal tunnel is kicking so that's all I am going to say for now.

[stockyjoe]

Come on FF get minefield out. With the new FF and mindfield you'll be the fastest. most secure and customizable browser of them all.

[Conficio]

The Mac OS X install does not succeed. For days now I'm asked every day if I want to upgrade to 3.0.7 and after agreeing, restartign Firefox and/or rebooting it still has version 3.0.6. Next morning the cycle repeats itself.