Mozilla Patches 10 Security Bugs With Firefox 3.5.6

Mozilla yesterday patched 10 bugs in Firefox, half of them critical, in the browser's rendering and JavaScript engines, media and video libraries, and other components.

Firefox 3.5.6, the browser's first security update since late October , fixed five flaws rated critical by Mozilla, one tagged as high, three pegged as moderate, and one labeled as a low threat. The five critical vulnerabilities were located in the rendering and JavaScript engines, and in the "liboggplay" and "libtheora" media and video libraries.

"Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code," Mozilla said in the advisory that spelled out the rendering and JavaScript engine flaws.

Three of the four vulnerabilities outlined in MFSA-2009-065 generate browser crashes, while the last affects the TraceMonkey JavaScript engine that debuted in Firefox 3.5. Mozilla recommended users disable JavaScript in Firefox if they were unable to immediately patch the browser.

Firefox 3.0, which Mozilla will retire from security support next month, was also updated Tuesday with the release of version 3.0.16. The older browser received seven patches, just two of them marked critical.

Read more -here-

• Google, Meta, Apple receive FCC approval to tap into airwaves for VR and AR
• State-sponsored hackers are leveraging WinRAR bug
• Amazon launches drug delivery by drone
• Unpatched Zero-Day being exploited in the wild, Cisco warns
• Apple plans to update iPhones in-store without opening the boxes
• Microsoft just bought Activision Blizzard for $69 billion