Mozilla Firefox 3.0.9 Fixes XSS Flaws
From the "Don't refresh until you update" files:
Mozilla is out with Firefox 3.0.9 today, fixing at least one critical set of vulnerabilities and issuing 9 security advisories in total.
The one critical security issue is another "Crashes with evidence of memory corruption" advisory, which nearly every Firefox update of the past three years has included. More interestingly, Firefox 3.0.9 includes several fixes for XSS (cross-site scripting) flaws.
There is also a same-origin violation (in my view, this is still XSS) in how Mozilla handles Adobe Flash. According to Mozilla's advisory on the Flash handling flaw, "The Flash file can bypass restrictions imposed by the crossdomain.xml mechanism and initiate HTTP requests to arbitrary third-party sites. This vulnerability could be used by an attacker to perform CSRF attacks against these sites."