Oct 29 2009

Mozilla has hurried the release of a new version of its Firefox browser, Firefox 3.5.4. I recommend that users upgrade to this newer version, as it contains as many as 11 security fixes, of which 6 are critical, 3 are moderate, and the rest are low priority. In addition, they have also fixed a lot of stability issues with the browser in general.

If you have Auto update enabled (which is enabled by default anyway), then the next time you start Firefox it should download and install the newest version of Firefox for you.

To find out whether Auto update is enabled:

1. Open Firefox, click Tools – Options – Advanced
2. Click the Update tab and see if

“Firefox” is ticked under Automatically check for updates and

“Automatically download and install the update” is selected under When updates are found for Firefox.
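
To check the same two settings without opening the dialog, for example across several profiles, the script below reads the text of a profile's prefs.js. It is an added example, not part of the original post; the pref names app.update.enabled and app.update.auto are assumed to correspond to the two checkboxes above, and the sample file content is constructed.

```python
import re

# Pref names assumed to back the two checkboxes described above; both default
# to true, so a pref missing from prefs.js means the default is in effect.
UPDATE_PREFS = {
    "app.update.enabled": True,  # "Firefox" under Automatically check for updates
    "app.update.auto": True,     # "Automatically download and install the update"
}

# Matches lines such as: user_pref("app.update.auto", false);
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')


def parse_prefs(text):
    """Return {name: raw_value} for every user_pref line in prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2)
    return prefs


def audit_auto_update(text):
    """Return (ok, findings): ok is True only if both settings are on."""
    prefs = parse_prefs(text)
    findings = {}
    for name, default in UPDATE_PREFS.items():
        raw = prefs.get(name)
        if raw is None:
            findings[name] = default          # not overridden by the user
        else:
            findings[name] = (raw == "true")  # anything else counts as off
    return all(findings.values()), findings


# Constructed sample prefs.js content (not from a real profile).
SAMPLE_PREFS = '''# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:blank");
user_pref("app.update.auto", false);
user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1256800000);
'''

if __name__ == "__main__":
    ok, findings = audit_auto_update(SAMPLE_PREFS)
    for name, value in findings.items():
        print(f"{name}: {'on' if value else 'OFF'}")
    print("auto update fully enabled" if ok else "auto update is not fully enabled")
```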


You may also click the Help – Check for Updates menu item to download and install Firefox 3.5.4, or download directly from here


The following is the list of security issues, ordered from Critical to Low priority:

Critical Security Issues fixed:

Crashes with evidence of memory corruption (rv:
Upgrade media libraries to fix memory safety bugs
Heap buffer overflow in string to number conversion
Chrome privilege escalation in XPCVariant::VariantDataToJS()
Heap buffer overflow in GIF color map parser
Crash with recursive web-worker calls

Moderate Security Issues fixed:
Cross-origin data theft through document.getSelection()
Crash in proxy auto-configuration regexp parsing
Form history vulnerable to stealing

Low Security Issues fixed:
Download filename spoofing with RTL override
Local downloaded file tampering

