On Wednesday, Mozilla released Firefox 3.0.4 (download for Windows and Mac) and Firefox 22.214.171.124 to address a dozen security flaws, half of which the browser maker ranks as critical. Among the critical is one that could allow an attacker privilege escalation after a session restore. Another could allow arbitrary code to execute with compromised Flash media files.
The updates are pushed automatically to current users and will take effect the next time the browser is restarted. Updates will soon no longer be available for users of Firefox 2; the update is a security update only. Current users of Firefox 2 are encouraged to upgrade by manually downloading Firefox 3 as soon as possible.
MFSA 2008-55: Critical
A crash and remote code execution is possible in nsFrameManager. This vulnerability can be exploited by modifying certain properties of a file input element before it has finished initializing. Details can be found in CVE-2008-5021
MFSA 2008-54: Critical
There's a buffer overflow in http-index-format parser as a result of the way Mozilla parses the http-index-format MIME type. Mozilla says by sending a specially crafted 200 header line in the HTTP index response, an attacker can cause the browser to crash and run arbitrary code on the victim's computer. Details can be found in CVE-2008-0017.
MFSA 2008-53: Critical
MFSA 2008-52: Critical
Mozilla developers identified and fixed several stability bugs which may cause crashes in the browser engine used in Firefox and other Mozilla-based products. Details can be found in CVE-2008-5016 and CVE-2008-5017
MFSA 2008-50: Critical
Mozilla says by tampering with the window.__proto__.__proto__ object, a remote attacker can cause the browser to place a lock on a non-native object, leading to a crash and possible execution of arbitrary code. Details can be found in CVE-2008-5014
MFSA 2008-49: Critical
MFSA 2008-48: High
Mozilla says the canvas element in Firefox could be used in conjunction with an HTTP redirect to bypass same-origin restrictions and gain access to the content in arbitrary images from other domains. This vulnerability could be used by an attacker to steal private information from a victim who is logged into a website that stores the data in images. Details can be found in CVE-2008-5012
MFSA 2008-57: High
Mozilla says the -moz-binding CSS property can be used to bypass security checks which validate codebase principals. Details can be found in CVE-2008-5023.
MFSA 2008-56: High
MFSA 2008-51: Moderate
MFSA 2008-47: Moderate
Mozilla says locally saved .url shortcut files could be used to read information stored in the local cache. Details can be found in CVE-2008-4582.
MFSA 2008-58: Low
There's a parsing error in E4X default namespace. The error was caused by quote characters in the namespace not being properly escaped. Details can be found in CVE-2008-5024.