Mozilla has released an update for two older versions of its popular Firefox Web browser, offering a trio of critical fixes and bumping the Firefox 3.0.x and 3.5.x releases to 3.0.18 and Firefox 3.5.8, respectively.
Users of the more recent Firefox 3.6 have nothing to worry about, though, since their browser was fixed last month for the same issues now affecting the two older versions.
Mozilla typically continues to support its older browser releases with security fixes for at least six months after a new numbered browser release. Mozilla released Firefox 3.6 at the end of January, with the new version being made available as an update option for Firefox 3.5.7 users.
In total, the new Firefox 3.5.8 and 3.0.18 updates deliver five key security fixes, three rated by Mozilla as being critical in severity, and two rated as moderate.
On the critical side is a fix for crashes that potentially could have led to memory corruption issues.
There is also a second critical fix for what Mozilla describes as a "Web Worker Array Handling Heap Corruption Vulnerability." The Web Worker API is a mechanism by which a Web application can trigger background scripts for message threading. According to Mozilla's advisory, there was an error in how Mozilla's Web Workers implementation handled array data types when processing posted messages.
"This error could be used by an attacker to corrupt heap memory and crash the browser, potentially running arbitrary code on a victim's computer," Mozilla's advisory stated.
The third critical flaw fixed by Mozilla has to do with a vulnerability in the HTML parser, in which it freed up used memory incorrectly.
"Under such circumstances, memory occupied by in-use objects was freed and could later be filled with attacker-controlled text," Mozilla stated in its advisory on the issue. "These conditions could result in the execution of arbitrary code if methods on the freed objects were subsequently called."
The new Firefox updates also fix a pair of moderate Cross Site Scripting (XSS) flaws. One of the XSS conditions had been possible due to having the window.dialog.Arguments object being readable across domains.
The second moderate XSS-related vulnerability stemmed from Firefox's SVG document handling. Both security vulnerabilities were reported to Mozilla by Microsoft and TippingPoint's Zero Day Initiative, Mozilla said.
The Firefox 3.5.8 update is the second security fix for the 3.5.x browser family this year following the 3.5.7 update, which came out in January prior to the release of Firefox 3.6.