Firefox 3.0.4 is ready for action

Mozilla has released Firefox 3.0.4 to address several issues with Firefox 3.0.3. This release includes a bunch of security fixes which I've enumerated in the table below.

In addition to the security fixes, the following bugs have been addressed:

  • Fixed an issue where the IME input tool used to enter Japanese, Korean, Chinese and Indic characters was covered by the "Add Bookmark" panel.
  • Fixed an issue where some passwords saved using Firefox 3.0.2 did not work properly.
  • In some cases, Firefox would not properly save proxy settings for protocols other than HTTP.
MFSA ID        Impact     Description
-------------- ---------- -----------------------------------------------------------------------
MFSA 2008-47   Moderate   Information stealing via local shortcut files
MFSA 2008-51   Moderate   file: URIs inherit chrome privileges when opened from chrome
MFSA 2008-52   Critical   Crashes with evidence of memory corruption (rv:1.9.0.4/1.8.1.18)
MFSA 2008-53   Critical   XSS and JavaScript privilege escalation via session restore
MFSA 2008-54   Critical   Buffer overflow in http-index-format parser
MFSA 2008-55   Critical   Crash and remote code execution in nsFrameManager
MFSA 2008-56   High       nsXMLHttpRequest::NotifyEventListeners() same-origin violation
MFSA 2008-57   High       -moz-binding property bypasses security checks on codebase principals
MFSA 2008-58   Low        Parsing error in E4X default namespace

My Bookshelf

Reading Now

Other Stuff