The Mozilla team just released two new security updates for
its popular web browser, Firefox 3.5.3 and Firefox 3.014. The updates are now
available for Windows, Mac, and Linux users and fix several security issues as
well as stability issues.
Specifically, the new update for Firefox 3.5x fixes crashes
with evidence
pointing
to memory corruption. The team presumes that with enough effort, at least
some of these bugs could be exploited to run arbitrary code.
Additionally, the default Windows font used to render the location-bar and other text fields was improperly displaying certain Unicode
characters with tall line-height. An attacker could use this vulnerability to
prevent a user from seeing the URL of a malicious site.
There are other security concerns addressed which can be found
in the Security Advisories
release
notes.
Firefox 3.0.14 and Firefox 3.5.3 can be downloaded
here.