Firefox Hits Seventh Heaven
Firefox users, update your browsers.
Mozilla has released its seventh update this year, Firefox 1.5.0.7, which fixes four critical security issues in the popular open source browser.
The corruption could lead to a heap buffer overflow, which could then be used by an attacker to run arbitrary code.
Mozilla Foundation Security Advisory 2006-59 describes a critical concurrency-related vulnerability that could trigger crashes.
"We have seen no demonstration that these crashes could be reliably exploited, but they do show evidence of memory corruption so we presume they could be," according to the Mozilla advisory.
Another critical security flaw fixed in Firefox 1.5.0.7 also deals with memory crash conditions that could lead to arbitrary code execution.
Mozilla Foundation Security Advisory 2006-64 actually deals with a number of crash conditions grouped together for the advisory under the title, "Crashes with evidence of memory corruption."
Mozilla's advisory notes that as part of Firefox 1.5.0.7, several bugs were fixed to improve stability.
"Some of these were crashes that showed evidence of memory corruption, and we presume that at least some of these could be exploited to run arbitrary code with enough effort."
The 1.5.0.7 release comes about a week later than it had first been expected.
As recently as Aug. 30, Mozilla developers had pegged Sept. 7 as the release date for the seventh update to the Firefox 1.5.x browser this year.
The delay was the result of Mozilla developers issuing a record-breaking number of release candidates for testing.
Last Friday, Mozilla developer Jay Patel wrote in a posting that, "We had to take a few fixes late last week and earlier this week, which has pushed out the release schedule for 1.5.0.7."
Those late fixes pushed the expected release out to Tuesday Sept. 12.
On Monday, Patel revised the schedule again.
"We had to respin for another security bug over the weekend and are now at rc6 (a new record!)," Patel wrote.