Firefox Update Released

Mozilla has released a new version of Firefox which fixes two vulnerabilities. One of the vulnerabilities affects also Mozilla Seamonkey. Both vulnerabilities makes it possibly to execute arbitrary code in target system.

The first vulnerability can be exploited by luring a user to open specially crafted XML file. That results to browser crash and an attacker may be able to execute malicious code in target system. Also Mozilla Seamonkey is affected by this vulnerability.

The other fixed vulnerability is related to the handling of XUL element. By exploiting the vulnerability an attacker may make target browser crash and execute malicious code in target system. This vulnerability doesn't affect Seamonkey and older Firefox 2.x.x versions.

Vulnerable versions are:
- Mozilla Firefox prior 3.0.8 version
- Mozilla Seamonkey 1.1.15 and earlier versions

Firefox users should get version 3.0.8 either thru browser's in-built updater or by downloading the latest version here. Seamonkey users have to wait for update since it's not released at the moment of writing this. It can be found here when released.

Firefox 3.0.8 release notes can be found here.