Mozilla has released patches for both versions 2.0 and 3.0 of the Firefox web browser. The updates patch two security vulnerabilities that have been rated as "critical" by Mozilla, including a variant of a vulnerability that could be exploited to do what has been termed as a "carpet bombing [1]" attack. The second patch fixes the way Firefox handles references to CSS objects, which can be exploited to force a crash that can lead to malicious code being executed. A third patch resolves a security hole that applies only to Firefox 3.0 running on the Mac OS X, which was discovered by a security engineer at Apple.
Mozilla took the opportunity to issue a reminder that Firefox 2.0 will only be supported with security updates until mid-December. Users are encouraged to upgrade to Firefox 3.0 [2].
For more on the new Firefox patches:
- check out this ComputerWorld article [3]
Links:
[1] http://www.securityfocus.com/brief/760
[2] http://www.mozilla.com/products/download.html?product=firefox-3.0.1&os=win&lang=en-US
[3] http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=networking_and_internet&articleId=9110199&taxonomyId=16