Firefox 3.0.2/18.104.22.168 fixes critical flaws
Mozilla has issued four security advisories as part of its Firefox 3.0.2 and 22.214.171.124 updates, two of which are labelled as critical.
2008-42 is an advisory that is seemingly common with Mozilla, it's a "Crashes with evidence of memory corruption" issue. The interesting part this time around (for me at least) is that some of these crashes were reported by Apple to Mozilla. The Mozilla advisory notes that, "Drew Yao of Apple Product Security reported two crashes in Mozilla image rendering code." Good to hear the Apple is sharing security information with Mozilla (and vice versa).
2008-40 explained that:
Mozilla developer Paul Nickerson reported a variant of a click-hijacking vulnerability discovered in Internet Explorer by Liu Die Yu.
The vulnerability allowed an attacker to move the content window while
the mouse was being clicked, causing an item to be dragged rather than
clicked-on. This issue could potentially be used to force a user to
download a file or perform other drag-and-drop actions.