Mozilla Release Firefox 3.6.13 Security Update


Mozilla Firefox 3.6.13

While using my Firefox web browser this morning, I was notified about a new available security and stability release – Firefox version 3.6.13. I immediately downloaded the latest version and updated Firefox. After that, I checked on the Mozilla website to find out more about the security issues that were addressed. I found out that this release contains patches for 11 vulnerabilities with 9 of those being deemed as critical.

Here’s the complete list of vulnerabilities that were patched in Firefox 3.6.13:

Moderate Impact

  • XSS hazard in multiple character encodings

High Impact

  • Location bar SSL spoofing using network error page

Critical Impact

  • Incomplete fix for CVE-2010-0179
  • Integer overflow vulnerability in NewIdArray
  • Use-after-free error with nsDOMAttribute MutationObserver
  • Java security bypass from LiveConnect loaded via data: URL meta refresh
  • Add support for OTS font sanitizer
  • Crash and remote code execution using HTML tags inside a XUL tree
  • Chrome privilege escalation with window.open and <isindex> element
  • Buffer overflow while line breaking after document.write with long string
  • Miscellaneous memory safety hazards (rv:1.9.2.13/ 1.9.1.16)

Aside from the Firefox release, Mozilla has also released a security update for their email client – Thunderbird version 3.1.7. The Thunderbird release contains several bug fixes for performance and stability as well as enhancements for better handling of locally stored large folder files and improvements to reduce the risk of corruption of local IMAP mailbox copies.

If you are using Mozilla Firefox as your web browser and Thunderbird as your default email client, it is strongly recommended that you immediately update to the latest versions. In case you didn’t receive any notifications while using Firefox of Thunderbird, you can download and install the updates manually from their respective websites – Firefox website and Thunderbird website

Owner and editor of JaypeeOnline. Self-proclaimed geek. New media writer and consultant. WordPress advocate. Loves blogging, gadgets, video games and sports. You can follow him on Google+, Facebook or Twitter.

6 Comments

  1. JP Habaradas

    December 12, 2010 at 6:35 PM

    @Sreejesh – You’re welcome!

  2. Sreejesh

    December 12, 2010 at 6:33 AM

    ooh thanks for reporting this news

  3. JP Habaradas

    December 11, 2010 at 2:05 PM

    @pagbasa – You don’t need a built-in antivirus on Firefox. As long as your antivirus program is always updated, you’ll be fine.

  4. pagbasa

    December 11, 2010 at 2:02 PM

    I wish Firefox has a built in Anti Virus. Palagi nalang ako na virus sa pag rere-search ko nang kung anu anu lang!

  5. JP Habaradas

    December 11, 2010 at 11:55 AM

    @Sourish – You’re welcome! Same here, can’t live without Firefox and my favorite extensions/addons. :D

  6. Sourish @ Jailbreak Iphone 4

    December 11, 2010 at 11:52 AM

    thanks , i just updated. i have disabled auto update feature on my browser . cant live without firefox a day

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code class="" title="" data-url=""> <del datetime=""> <em> <i> <q cite=""> <strike> <strong> <pre class="" title="" data-url=""> <span class="" title="" data-url="">