Mozilla patches critical Firefox bugs

San Francisco (CA) – Mozilla has patched a number of security and stability issues plaguing its popular Firefox browser.

“We strongly recommend that all Firefox users upgrade to this latest release. If you already have Firefox 3, you will receive an automated update notification within 24 to 48 hours,” the company explained in a statement. “This update can also be applied manually by selecting ‘Check for Updates’ from the Help menu.”

The update patched several vulnerabilities affecting the SQLite internal database that could be used to intercept a CONNECT request and reply with a non-200 response containing malicious code.

Other notable fixes include:

  • URL spoofing with invalid Unicode characters – An attacker could exploit this vulnerability to spoof the location bar and display a misleading URL for their malicious web site.
  • Crashes with evidence of memory corruption – The crashes showed evidence of memory corruption under certain circumstances and could theoretically be exploited to run arbitrary code.
  • Incorrect principal set for file: resources loaded via location bar – This vulnerability could potentially grant the newly loaded document privileges to access the contents of additional local files.
  • Arbitrary domain cookie access by local file: resources – Local resources loaded via the file: protocol can access any domain’s cookies which have been saved on a user’s machine.