The Mozilla project released Firefox 3.0.9 today to address several security and stability issues. In addition to the security fixes listed below, this update also fixes a few bugs that were impacting user experience. For example, a local database corruption was resulting in an apparent loss of stored cookies.
The following list contains the security fixes included in this release of Firefox 3.0.9. For more detailed information, refer to the Firefox 3.0 Security Advisories page.
- MFSA 2009-14 Crashes with evidence of memory corruption (rv:22.214.171.124)
- MFSA 2009-15 URL spoofing with box drawing character
- MFSA 2009-16 jar: scheme ignores the content-disposition: header on the inner URI
- MFSA 2009-17 Same-origin violations when Adobe Flash loaded via view-source: scheme
- MFSA 2009-18 XSS hazard using third-party stylesheets and XBL bindings
- MFSA 2009-19 Same-origin violations in XMLHttpRequest and XPCNativeWrapper.toString
- MFSA 2009-20 Malicious search plugins can inject code into arbitrary sites
- MFSA 2009-21 POST data sent to wrong site when saving web page with embedded frame