Firefox 3.0.5 Has Dropped

Firefox logoMozilla released Firefox 3.0.5 and your automatic update should have kicked in by now. This release is mainly focused on security and stability updates for the Firefox 3 release. You can find a list of security fixes at the end of this post.

In addition to the security fixes, the following updates are included in this release:

  • Official releases for the Bengali, Esperanto, Galician, Hindi, and Latvian languages are now available.
  • Replaced the End-User License Agreement with a new "Know Your Rights" info bar on initial install.
  • When installing multiple signed XPIs simultaneously, previous versions of Firefox would fail.
  • Fixed several issues found in the accessibility implementation.
  • Added the ability to send OS-specific system notes in the crash reporter.
  MFSA ID        Impact     Description
  -------------- ---------- --------------------------------------------------------------------
  MFSA 2008-60   Critical   Crashes with evidence of memory corruption (rv:1.9.0.5/1.8.1.19)
  MFSA 2008-63   Low        User tracking via XUL persist attribute
  MFSA 2008-64   Moderate   XMLHttpRequest 302 response disclosure
  MFSA 2008-65   High       Cross-domain data theft via script redirect error message
  MFSA 2008-66   Low        Errors parsing URLs with leading whitespace and control characters
  MFSA 2008-67   Low        Escaped null characters ignored by CSS parser
  MFSA 2008-68   Critical   XSS and JavaScript privilege escalation
  MFSA 2008-69   Critical   XSS vulnerabilities in SessionStore

My Bookshelf

Reading Now

Other Stuff