Mozilla's flagship Firefox browser is vulnerable to at least 11 "critical" vulnerabilities that expose users to drive-by download attacks that require no user interaction beyond normal browsing.
The open-source group shipped Firefox 3.5.4 with patches for the vulnerabilities, which range from code execution risk to the theft of information in the browser's form history.
One of the critical issues affect media libraries introduced in Firefox 3.5 when audio and video capabilities were added.
Here's the skinny on the high-risk issues in this Mozilla Firefox patch batch:
MFSA 2009-64 (Critical) -- Crashes with evidence of memory corruption. Four different vulnerabilities were documented. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.
MFSA 2009-63 (Critical) -- Mozilla upgraded several third party libraries used in media rendering to address multiple memory safety and stability bugs identified by members of the Mozilla community. Some of the bugs discovered could potentially be used by an attacker to crash a victim's browser and execute arbitrary code on their computer. liboggz, libvorbis, and liboggplay were all upgraded to address these issues. Three different vulnerabilities were documented.
MFSA 2009-56 (Critical) -- A heap-based buffer overflow in Mozilla's GIF image parser. This vulnerability could potentially be used by an attacker to crash a victim's browser and run arbitrary code on their computer. This flaw does not affect products built on the Gecko 1.8 browser engine such as Thunderbird 2.
The Firefox 3.5.4 update will be distributed via the browser's automatic update mechanism. It should be deployed within the next 24 to 48 hours. Alternatively, users can use the "Check for Updates" tool to manually apply the update.