Firefox Fixes New and Older Versions Firefox 3.0.4 and 2.0.0.18 Released with Firefox 3.1 Beta 2 in the Wings Sean Michael Kerner
Mozilla is updating its mainline Firefox 3 browser with a security and stability update that provides at least nine security fixes, four of them "critical."
In addition to the latest version, 3.0.4, Firefox is pushing out 11 fixes for the older Firefox 2 browser, six of which are critical. If that wasn't enough, Mozilla is pushing forward at the same time on the development of its next browser platform Firefox 3.1 with Beta 2 testing today.
Among the critical fixes in Firefox 3.0.4 is a flaw involving Cross Site Scripting (XSS) and JavaScript privilege escalation via a Firefox browser session restore.
Mozilla's advisory on the flaw notes that the browser's session restore feature can be used to run JavaScript in the context of another site. According to Mozilla, as a result of that flaw potentially, "any otherwise unexploitable crash can be used to force the user into the session restore state."
Another critical flaw fixed in the update is one for a buffer overflow in the http-index-format parser. Mozilla credits Justin Schuh of the IBM X-Force security group for reporting the flaw. According to the advisory, by "sending a specially crafted header line in the HTTP index response, an attacker can cause the browser to crash and run arbitrary code on the victim's computer."
Mozilla also provides a fix for a flaw that could have enabled an attacker to steal user information from local shortcut files. Mozilla labeled the flaw "moderate" due to the complexity of its execution, which requires two components.
The way the attack would work is that .url shortcut files could potentially be used to read local cache information if the user downloaded both an HTML file and a .url shortcut.
Firefox 2.x users get mostly the same fixes as the 3.x branch with a few notable exceptions. One of them is a critical fix involving the Adobe Flash Player and a potential arbitrary code execution issue.
According to Mozilla's advisory on the issue, the flaw occurs because there are insufficient checks to determine if the Flash Player module is being properly unloaded. A flash file that gets unloaded improperly could trigger a crash, which could open the door for arbitrary code to run.
There's more to the fixes, such as a Firefox 2.x specific fix for an image stealing via canvas and HTTP redirect issue. According to Mozilla's advisory A simple HTTP redirect could have been used to potentially steal private information from a victim who is logged into a Web site that stores data in images.
Though Mozilla is still updating its Firefox 2.x browser, it is recommending that users upgrade to Firefox 3.0.4. Mozilla has provided a direct migration path for Firefox 2.x user since August. Firefox 2.x is targeted to hit its end of life by the end of the year.
Firefox 3.0.0.4 users themselves will soon be offered a chance to upgrade to an even new platform themselves. Mozilla is currently developing the Firefox 3.1 browser, which will include a private (a.k.a "porn" mode) mode for browsing as well as security and performance improvements.
Firefox 3.1 Beta 2 was originally expected to be released this week but has been delayed. Mozilla has now scheduled a test day for Firefox 3.1 Beta 2 for Friday, November 15th. A final general availability release date for Firefox 3.1 has not yet been publicly announced.
