MOZILLA HAS PATCHED both of its Firefox 3.5 and 3.0 web browsers today, to versions 3.5.4 and 3.0.15 respectively.
Overall, 11 critical bugs were fixed in Firefox 3.5.3 out of a total of 16 patches. Firefox 3.0.14 received 10 patches, with 5 fixes marked critical.
Several of the bugs might have enabled exploits that allowed malware writers to run unauthorised code on users’ machines, including a bug in Firefox’s GIF parser and bugs in several individual third party modules – liboggz, libvorbis and liboggplay – all of which were added in Firefox 3.5.
Four critical stability issues were also fixed across both versions of Firefox, which were marked as critical and upon which Mozzarella commented:
“Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.”