Firefox fixes SSL flaws

MOZILLA'S FIREFOX versions 3.5.2 and 3.0.13 are available for download to fix several known security problems.

As per usual the Mozzarella team strongly recommends that all users upgrade to the latest release, and it looks like you'd be a fool not to do so. The new releases patch several security issues and four out of the six for Firefox 3.5 are rated as critical. They should remove the risks of known SSL spoofing hacks and memory corruption problems that can open the browser up to exploits as well as crashes.

Advisory MFSA 2009-42 is described loosely as a "compromise of SSL-protected communication" while the MFSA 2009-45 summary says "crashes with evidence of memory corruption".

Whether those advisories mean anything to you or not, as a general rule critical security vulnerabilities can be exploited either to run attack code or install malicious software, or both, without the user's knowledge.

Firefox 3.0.13 has also been updated and it too has had SSL vulnerabilities patched. Mozilla said that two of its three security problems are rated as critical. It described those as a "heap overflow in certificate regexp parsing" and "compromise of SSL-protected communication", while the third is merely a 'moderate' issue.

Of course if you have better things to do, the automatic update should kick in soon. Just be advised to avoid using SSL in the meantime, which means don't do any online banking or commercial transactions.

With the Firefox project having announced that it surpassed 1 billion downloads of the browser last weekend it should be expecting a lot of upgrade traffic. µ