Yes, it turns out that Firefox has critical security bugs, too.  Microsoft Internet Explorer is not alone in dealing with security problems.  But at least the Mozilla Foundation is generally good about reacting to them swiftly.

In case you haven’t noticed Firefox telling you that you need to update to 3.0.5, you probably should do so soon.  Firefox 3.0.5 fixes several security bugs in Firefox, including a few XSS (Cross-Site Scripting) and JavaScript privilege escalation bugs.

According to security researchers at Secunia:

1. Errors in the layout and JavaScript engines can be exploited to corrupt memory and potentially execute arbitrary code.
2. An error when processing the “persist” XUL attribute can be exploited to bypass cookie settings and uniquely identify a user in subsequent browsing sessions.
3. Multiple errors can be exploited to bypass the same-origin policy, disclose sensitive information, and execute JavaScript code with chrome privileges.

Maybe this is yet another opportunity for Google to promote Chrome?

[c/o CNET News]

Filed under: Consumer Web, Security