Mozilla has released Firefox 3.5.4 with fixes for a wide range of serious security vulnerabilities.
The most serious issue could allow a malicious hacker to take complete control of a computer by simply tricking a user into visiting a rigged Web page. In all, Mozilla released 11 advisories, six rated critical. Here’s a list of the security vulnerabilities being addressed:
- MFSA 2009-64: Crashes with evidence of memory corruption (rv:1.9.1.4/ 1.9.0.15)
- MFSA 2009-63: Upgrade media libraries to fix memory safety bugs
- MFSA 2009-62: Download filename spoofing with RTL override
- MFSA 2009-61: Cross-origin data theft through document.getSelection()
- MFSA 2009-59: Heap buffer overflow in string to number conversion
- MFSA 2009-57: Chrome privilege escalation in XPCVariant::VariantDataToJS()
- MFSA 2009-56: Heap buffer overflow in GIF color map parser
- MFSA 2009-55: Crash in proxy auto-configuration regexp parsing
- MFSA 2009-54: Crash with recursive web-worker calls
- MFSA 2009-53: Local downloaded file tampering
- MFSA 2009-52: Form history vulnerable to stealing
Read the release notes [mozilla.com]