Firefox 3.0.6 has been released by Mozilla. As with all minor releases in Firefox 3, this release mainly focuses on security and stability fixes. Specific stability issues addressed include fixing display issues with long running Firefox processes and improving the interaction of scripted commands and plugins. For the privacy minded, the client user ID has been removed from crash reports. Finally, I've included a list of security fixes below.
| MFSA ID | Impact | Description |
|---|---|---|
| MFSA 2009-01 | Critical | Crashes with evidence of memory corruption (rv:1.9.0.6) |
| MFSA 2009-02 | High | XSS using a chrome XBL method and window.eval |
| MFSA 2009-03 | High | Local file stealing with SessionStore |
| MFSA 2009-04 | Moderate | Chrome privilege escalation via local .desktop files |
| MFSA 2009-05 | Low | XMLHttpRequest allows reading HTTPOnly cookies |
| MFSA 2009-06 | Low | Directives to not cache pages ignored |
Get Slaptijack updates delivered to your Inbox or RSS Reader for free!