Mozilla has released Firefox 3.0.4 to address several issues with Firefox 3.0.3. This release includes a bunch of security fixes which I’ve enumerated in the table below.
In addition to the security fixes, the following bugs have been addressed:
- Fixed an issue where the IME input tool used to enter Japanese, Korean, Chinese and Indic characters was covered by the “Add Bookmark” panel.
- Fixed an issue where some passwords saved using Firefox 3.0.2 did not work properly.
- In some cases, Firefox would not properly save proxy settings for protocols other than HTTP.
| MFSA ID | Impact | Description |
|---|---|---|
| MFSA 2008-47 | Moderate | Information stealing via local shortcut files |
| MFSA 2008-51 | Moderate | file: URIs inherit chrome privileges when opened from chrome |
| MFSA 2008-52 | Critical | Crashes with evidence of memory corruption (rv:1.9.0.4/1.8.1.18) |
| MFSA 2008-53 | Critical | XSS and JavaScript privilege escalation via session restore |
| MFSA 2008-54 | Critical | Buffer overflow in http-index-format parser |
| MFSA 2008-55 | Critical | Crash and remote code execution in nsFrameManager |
| MFSA 2008-56 | High | nsXMLHttpRequest::NotifyEventListeners() same-origin violation |
| MFSA 2008-57 | High | -moz-binding property bypasses security checks on codebase principals |
| MFSA 2008-58 | Low | Parsing error in E4X default namespace |
Get Slaptijack updates delivered to your Inbox or RSS Reader for free!