Mozilla patches 'critical' Firefox memory corruption crashes

Mozilla has released a new version of its flagship Firefox browser with fixes for five six security vulnerabilities, one carrying a "critical" rating.

The most serious issue addressed in today's Firefox 2.0.0.4 update pertains to browser crashes with evidence of memory corruption. This fix (MFSA 2007-12) rolls up several bug fixes that, under certain conditions, could presumably lead to code execution attacks.

The update also fixes a high-risk cross-site scripting flaw, an XUL pop-up spoofing bug, a vulnerability that could allow path abuse in cookies, a hole in APOP authentication and a persistent auto-complete denial-of-service flaw.

So far this year, Mozilla has issued shipped fixes for 17 Firefox security issues.

As expected, Mozilla also shipped the final Firefox 1.5 version with patches for the flaws discussed above. This version of Firefox 1.5 includes an auto-update mechanism to migrate users to the more secure/stable Firefox 2 versions.

Firefox 1.5.0.12 is available for download here but all users are encouraged to upgrade to Firefox 2.

Over the coming weeks, Mozilla will be presenting 1.5.0.12 users with a notification message that will offer users a "major update" to Firefox 2. Upon confirmation, a user’s browser will be upgraded from 1.5.0.12 to 2.0.0.4, according to a post on the Mozilla Developer blog.