Mozilla issues eight Firefox bugs patches, six are critical

Chicago (IL) – A new version of Firefox has been released by Mozilla due to the discovery of several security flaws in the browser software. Firefox version 3.0.7, which is the second security update this year, will plug eight different security vulnerabilities, and six of them have been deemed critical, one “high” and one “low” in the four step ranking system established by Mozilla. The six critical bugs were in the Firefox garbage collection routine in the PNG libraries utilized by the browser, and additionally in the layout and JavaScript engines.

It was not determined whether the four vulnerabilities patched in JavaScript engines and the layout were capable of being exploited, but the company assumed they could be. “Some of these crashes showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code,” stated the announcement on the company website.

The remaining patches were to plug holes which could be used in attempt to compromise private information and create false URLs to conduct phishing scams.

The update also addresses non-security concerns, including a bug that caused browser cookies to vanish, a Mac flaw associated with the Flashblock add-on (a popular Flash animation blocker), and some unspecified stability issues.

You can download the new version of Firefox for Windows, Linux, and Mac OS X from the Mozilla website. If you are already a user you may simply utilize the built-in update tool, or wait for the automatic update notification.