From the “weird and wacky ways browser can be exploited” files:
As I noted last week Firefox 3.0.4 is out now (technically late yesterday) fixing at least 9 security fixes four of which are labeled as “critical”.
I love the Session Restore feature as I’m the kind of user that always has 10+ tabs open all the time. To think that it could be used as a vehicle to exploit me is “interesting” to say the least. According to Mozilla, as a result of that flaw potentially, “any otherwise unexploitable crash can be used to force the user into the session restore state.”
Mozilla also provides a fix for a flaw that could have enabled an attacker to steal user information from local shortcut files. Shortcut files?! Really? Mozilla only labels this flaw as “moderate” since they view it as being a little complex to execute. The way the attack would work is that .url shortcut files could potentially be used to read local cache information if the user downloaded both an HTML file and a .url shortcut.
As part of the update Mozilla is also updating Firefox 2.x to 22.214.171.124 though it’s clear that the Firefox 2.x’s days are numbered. With Firefox 3.1 around the corner (the Beta 2 release is likely next week now with a test day scheduled for Friday), it will soon be time for Firefox 3.x users to upgrade too.