The Mozilla Firefox browser has just received an update, and you should probably download it if you want to protect your computer from nearly a dozen critical vulnerabilities.
Firefox 3.5.4, released earlier this morning, is being called a security and stability update. It doesn't add new features, but instead directly deals with Firefox stability issues, fixes a few bugs (i.e. the ability to re-submit crash reports), and most importantly, patches up a group of security vulnerabilities.
And from reading the list of fixed security issues, we recommend you upgrade as soon as possible. Here are the security issues this version of Firefox patches:
- Crashes with evidence of memory corruption
- Upgrade media libraries to fix memory safety bugs
- Download filename spoofing with RTL override
- Cross-origin data theft through document.getSelection()
- Heap buffer overflow in string to number conversion
- Chrome privilege escalation in XPCVariant::VariantDataToJS()
- Heap buffer overflow in GIF color map parser
- Crash in proxy auto-configuration regexp parsing
- Crash with recursive web-worker calls
- Local downloaded file tampering
- Form history vulnerable to stealing