The latest update to Firefox pushed out to users last night via automatic update addresses 47 bugs and enhancements, according to Mozilla. 17 bugs were marked as "critical" or higher.
Five potential security vulnerabilities were patched including these 3 that were marked as "critical":
- MFSA 2009-10 Upgrade PNG library to fix memory safety hazards
- MFSA 2009-08 Mozilla Firefox XUL Linked Clones Double Free Vulnerability
- MFSA 2009-07 Crashes with evidence of memory corruption (rv:18.104.22.168)
Glenn Randers-Pehrson, Martijn Wargers, Jesse Ruderman, Josh Soref, Gary Kwong, and Timothee Groleau were credited with identifying and reporting the problems.
Most of the issues involve common C/C++ memory management bugs such as freeing uninitialized memory or memory that has already been freed. If Firefox were written in Java or C# or any language with automatic garbage collection they wouldn't have these problems, I'm just saying...
Mozilla has been updating Firefox 3 approximately once a month since its release in June of last year. Here's a list of all the updates so far:
- v3.0.7, released March 4, 2009
- v3.0.6, released February 3, 2009
- v3.0.5, released December 16, 2008
- v3.0.4, released November 12, 2008
- v3.0.3, released September 26, 2008
- v3.0.2, released September 23, 2008
- v3.0.1, released July 16, 2008
- v3.0, released June 17, 2008