Firefox 3.5.6 patches critical security holes

A memory corruption bug and two issues with Ogg media technology are among the 62 fixes in the latest version of Mozilla's browser.

Mozilla has updated its Firefox browser to patch three critical security holes.

Firefox 3.5.6 and 3.0.16 both fix earlier memory corruption issues. "We presume that with enough effort at least some of these could be exploited to run arbitrary code," the security advisory said.

In addition, the earlier version of Firefox 3.5 had two critical vulnerabilities in its technology for playing Ogg-format media, one with the liboggplay media library and one with the libtheora video library.

The patches are among 62 fixes in the new Firefox, software that's translated into dozens of languages and runs on multiple operating systems. Users of the OS/2 operating system will be delighted to know that problems with Firefox's full-screen mode and with print preview have been resolved.

"We strongly recommend that all Firefox users upgrade to this latest release," Mozilla said in a blog posting. By default, Firefox downloads updates automatically then prompts users to restart when it's ready; updates also can be retrieved through the "check for updates" menu option.

Mozilla plans to cease supporting Firefox 3.0 in January. Meanwhile, a significant update, Firefox 3.6, is due by the end of the year .

Correction 1:23 p.m. PST December 17: This story was corrected to note that it was the earlier versions of Firefox that suffered the vulnerabilities.

 

Join the discussion

Conversation powered by Livefyre

Show Comments Hide Comments