Users advised to upgrade to the 3.5.6 or 3.0.16 versions

Dec 17, 2009 15:17 GMT  ·  By

Mozilla has released stability and security updates for the 3.5 and 3.0 Firefox branches. The new 3.5.6 and 3.0.16 versions of the popular browser address several security vulnerabilities, some of which are rated critical.

Five of the bugs were common to the latest stable versions of Firefox 3.0 and 3.5, while two affected only the latter. Rated by impact, the flaws affecting both branches are: critical (MFSA 2009-65), high (MFSA 2009-68), moderate (MFSA 2009-69, MFSA 2009-70) and low (MFSA 2009-71). The two Firefox 3.5-only vulnerabilities, MFSA 2009-66 and MFSA 2009-67, are rated critical.

The MFSA 2009-65 advisory covers several crashes that showed evidence of memory corruption. Although none of them is known to have been exploited, such conditions can in principle be leveraged to execute arbitrary malicious code.

A similar issue is described in MFSA 2009-66 and is caused by bugs in the liboggplay library. An attacker can potentially exploit these issues to generate crashes that can facilitate remote code execution. The final critical flaw with arbitrary code execution implications is covered in MFSA 2009-67 and is caused by an integer overflow in the Theora video library.

Meanwhile, MFSA 2009-68 deals with a problem in the NTLM implementation, which an attacker can exploit via a specially crafted Web page to force a user's browser to send rogue requests to an application using that user's NTLM credentials. Another issue, explained in MFSA 2009-69, can be used to forge the SSL indicators for a connection made over an insecure protocol.

The new versions also address a content window privilege escalation condition (MFSA 2009-70) that could become critical when combined with a vulnerable Firefox extension. Finally, a low-risk issue with the GeckoActiveXObject exception messages can be abused to track users across different browsing sessions. This problem is described in MFSA 2009-71.

Mozilla Firefox 3.5.6 and 3.0.16 are available for download from Mozilla.