Mozilla released Firefox 3.0.5 and your automatic update should have kicked in by now. This release is mainly focused on security and stability updates for the Firefox 3 release. You can find a list of security fixes at the end of this post.

In addition to the security fixes, the following updates are included in this release:

  • Official releases for the Bengali, Esperanto, Galician, Hindi, and Latvian languages are now available.
  • Replaced the End-User License Agreement with a new "Know Your Rights" info bar on initial install.
  • When installing multiple signed XPIs simultaneously, previous versions of Firefox would fail.
  • Fixed several issues found in the accessibility implementation.
  • Added the ability to send OS-specific system notes in the crash reporter.

Security Fixes in Firefox 3.0.5
MFSA ID Impact Description
MFSA 2008-60 Critical Crashes with evidence of memory corruption (rv:1.9.0.5/1.8.1.19)
MFSA 2008-63 Low User tracking via XUL persist attribute
MFSA 2008-64 Moderate XMLHttpRequest 302 response disclosure
MFSA 2008-65 High Cross-domain data theft via script redirect error message
MFSA 2008-66 Low Errors parsing URLs with leading whitespace and control characters
MFSA 2008-67 Low Escaped null characters ignored by CSS parser
MFSA 2008-68 Critical XSS and JavaScript privilege escalation
MFSA 2008-69 Critical XSS vulnerabilities in SessionStore