Fixing two Critical security vulnerabilities

Mar 30, 2009 11:56 GMT

Mozilla is currently working its way to Beta 4 of Firefox 3.5, which until mid-March 2009 was Firefox 3.1. With Firefox 3.5 looking like a summer 2009 release, with the next Beta scheduled for the coming, Firefox 3.0 is the sole version of the open-source browser still maintained after support for Firefox 2.0 was cut in December 2008. Firefox 3.0.8 is the latest update for Shiretoko's precursor, a milestone that went live over the weekend and is now both served as an update and available for download.

“As part of Mozilla Corporation’s ongoing security update process, Firefox 3.0.8 is now available for Windows, Mac, and Linux,” revealed Samuel Sidler, Quality Assurance engineer at Mozilla. “We strongly recommend that all Firefox users upgrade to this latest release. If you already have Firefox 3.0.x, you will receive an automated update notification within 24 to 48 hours. This update can also be applied manually by selecting “Check for Updates…” from the Help menu. If you’re still using Firefox 2.0.0.x, this version is no longer supported and contains known security vulnerabilities. Please upgrade to Firefox 3 by downloading Firefox 3.0.8.”

Firefox 3.0.8 is designed to patch two Critical security vulnerabilities, according to Mozilla. The open-source browser is vulnerable to attacks exploiting flaws related to “arbitrary code execution through XUL <tree> element” and XSL Transformation. The vulnerability related to the XUL tree element was demonstrated recently at the CanSecWest conference in Vancouver when a security researcher completely took over a machine via Firefox at the Pwn2Own hacking contest.

The XSL Transformation vulnerability, labeled Critical, represents an even greater risk to Firefox users, since proof-of-concept code for the flaw was released in the wild. “A XSL stylesheet could be used to crash the browser during a XSL transformation. An attacker could potentially use this crash to run arbitrary code on a victim's computer,” Mozilla said.

Firefox 3.0.8 for Windows is available here.

Firefox 3.0.8 for Linux is available here.

Firefox 3.0.8 for Mac OS X is available here.