Mozilla is updating its Firefox 3.x browser to version 3.0.12 for five critical security vulnerabilities. All of the issues have already been addressed in the latest Firefox 3.5.1 update which came out last week.
There is one particularly interesting fix in the 3.0.12 update dealing with Flash. According to Mozilla’s security advisory:
“When a page contains a Flash object which presents a slow script
dialog, and the page is navigated while the dialog is still visible to
the user, the Flash plugin is unloaded resulting in a crash due to a
call to the deleted object. This crash could potentially be used by
an attacker to run arbitrary code on a victim’s computer.”
So it’s a Flash flaw, but one that is something that Mozilla can fix – this is something that is already fixed in Firefox 3.5.1.
While Mozilla is steaming ahead pushing users to update to Firefox 3.5.x — Mozilla’s other big program — Thunderbird is moving along at a snail’s pace.