Firefox 3.0.7 targets security issues
Web browser's second security update in a month addresses eight issues, six of which are deemed critical.
Mozilla on Wednesday released an update to the Firefox Web browser that its developers said fixes eight security issues found in Firefox 3.0.6, six of which were rated critical.
The most serious of the vulnerabilities fixed in version 3.0.7 for Windows, Mac, and Linux could allow attackers to run arbitrary code on a victim's computer, Mozilla warned in security advisories Wednesday.
The six critical flaws affect the browser's garbage collection--which monitors how Firefox modules use the computer's memory--as well as the browser's PNG libraries and in the layout and JavaScript engines.
Mozilla developers said they weren't sure the layout and JavaScript flaws could be exploited.
"Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code," Mozilla said in an advisory.
Updates for Windows, Mac OS X, and Linux are available at the Mozilla site. Firefox 3 users will receive an update notification within 48 hours, or they can download the update manually by selecting "Check for Updates" from the Help menu.
The update--Mozilla's second this year--comes as Firefox continues to chip away at Internet Explorer's market dominance. Mozilla now has 21.77 percent of the global browser market share, compared with IE's 67.44 percent, a drop of more than 7 percentage points in a year, according to figures from Web metrics company Net Applications.