The Firefox 3.5.3 update — available for Windows, Mac and Linux users — patches security holes that could allow drive-by download attacks if a user simply surfs to a booby-trapped Web site.
The open-source group released four bulletins — three rated critical — to explain the issues:
- MFSA 2009-51 — The
- MFSA 2009-49 — The columns of a XUL tree element could be manipulated in a particular way which would leave a pointer owned by the column pointing to freed memory. An attacker could potentially use this vulnerability to crash a victim’s browser and run arbitrary code on the victim’s computer.
- MFSA 2009-47 — Crashes with evidence of memory corruption. Mozilla developers and community members identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.
- MFSA 2009-50 — The default Windows font used to render the locationbar and other text fields was improperly displaying certain Unicode characters with tall line-height. In such cases the tall line-height would cause the rest of the text in the input field to be scrolled vertically out of view. An attacker could use this vulnerability to prevent a user from seeing the URL of a malicious site.
The Firefox update is being pushed out via the browser’s automatic update mechanism. It can also be downloaded directly from Mozilla’s Web site.