Critical Bugs Patched in Older Versions of Firefox

Thursday Feb 18th 2010 by Kara Reeder

The critical flaws are in Firefox 3.5.8 and Firefox 3.0.18.

Mozilla has patched five vulnerabilities in older editions of Firefox. Computerworld reports that three of the vulnerabilities are rated as "critical."

The critical flaws are in Firefox 3.5.8 and Firefox 3.0.18 and affect the browsers' Gecko rendering engines, the HTML parsers, and their implementations of Web Worker. The bugs could allow a hacker to inject their own malware onto the machine. According to this advisory:

Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.

The remaining two vulnerabilities are rated "moderate" and could be exploited in cross-site scripting attacks.

Firefox 3.6 does not need to be updated as the vulnerabilities were addressed when the browser shipped on Jan. 21.

Mobile Site | Full Site