Mozilla has released Firefox 3.0.4 to address several issues with Firefox 3.0.3. This release includes a bunch of security fixes which I've enumerated in the table below.
In addition to the security fixes, the following bugs have been addressed:
- Fixed an issue where the IME input tool used to enter Japanese, Korean, Chinese and Indic characters was covered by the "Add Bookmark" panel.
- Fixed an issue where some passwords saved using Firefox 3.0.2 did not work properly.
- In some cases, Firefox would not properly save proxy settings for protocols other than HTTP.
MFSA ID Impact Description
-------------- ---------- -----------------------------------------------------------------------
MFSA 2008-47 Moderate Information stealing via local shortcut files
MFSA 2008-51 Moderate file: URIs inherit chrome privileges when opened from chrome
MFSA 2008-52 Critical Crashes with evidence of memory corruption (rv:1.9.0.4/1.8.1.18)
MFSA 2008-53 Critical XSS and JavaScript privilege escalation via session restore
MFSA 2008-54 Critical Buffer overflow in http-index-format parser
MFSA 2008-55 Critical Crash and remote code execution in nsFrameManager
MFSA 2008-56 High nsXMLHttpRequest::NotifyEventListeners() same-origin violation
MFSA 2008-57 High -moz-binding property bypasses security checks on codebase principals
MFSA 2008-58 Low Parsing error in E4X default namespace