The Mozilla team
just released two new security updates for its popular web browser, Firefox
3.5.4 and Firefox 3.0.15. The updates are now available for Windows, Mac, and
Linux users and fix several security issues as well as stability issues.
The updates cover a total spectrum of 16 security
vulnerabilities, six of which are rated as critical. Specifically, the new
update for Firefox 3.5.4
fixes
crashes with evidence pointing to memory corruption, a heap buffer overflow
in string-to-number conversion, a heap buffer overflow in GIF color map
parsers, crashes with recursive web-worker calls, and upgrades media libraries
to fix memory safety bugs among other things.
Keep in mind that these are just minor updates as Firefox
3.6 makes its official debut before the end of the year. Mike Beltzner, Mozilla’s
director of Firefox, told browser developers in a mailing list discussion that
he likes to think of Firefox 3.5.4 as “a minor release to quickly migrate our
user base to Firefox 3.6.” He have examples of 3.5.3 to 3.5.4 as being “minor
releases” which presumes that the 3.6 release will provide more than the normal
security updates and bug fixes.
"Firefox 3.6 will be primarily a release with security,
stability, speed and capability enhancements, with no visible user interface
changes over Firefox 3.5. As such, I think we should consider it as a candidate
for a minor update, stretching our definition of what types of updates we can
provide using that mechanism," Beltzner said. "The pace of technology
development in web browsers is speeding up rapidly, and we now face a challenge
of ensuring that we can continue to deliver modern web browsing experiences to
our users.”
In the meantime, Firefox 3.5.4 can be downloaded
here.