Mozilla released an update to Firefox 3 on Tuesday that patches 12 security vulnerabilities, four of which it rated as critical.
Firefox 3.0.9, the web browser's third update this year, fixes two critical vulnerabilities in the Firefox browser engine and two in its JavaScript engine, according to a security advisory posted on Tuesday: "Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products."
The advisory warned: "Some of these crashes showed evidence of memory corruption under certain circumstances, and we presume that with enough effort, at least some of these could be exploited to run arbitrary code."
One critical security bug fixed crashes caused by memory corruption, which the developers felt could have been used at some point to run arbitrary code.
Two other high-profile bugs involved a misinterpretation of a particular Adobe Flash code that could have been exploited, and a URI mismatch that also could have led to arbitrary JavaScript executions. However, there is no evidence in the bugs that these security holes had been exploited.
AOL.com and AIM.com web mail users should once again be able to view attached images inline and without hiccups. A bug created in Firefox 3.0.7 caused images to break where they had loaded properly in Firefox 3.0.6. Also, users who noticed previously stored cookies mysteriously disappearing should find that bug repaired.
The release comes as Mozilla prepares to release the fourth beta test of Firefox 3.5 — the next version of the open-source browser. Mozilla had originally planned to release its new 'Shiretoko' version of Firefox in early 2009. But after releasing Firefox 3.1 beta 3 last month, the organisation behind the browser said a fourth beta is planned — and with the new version number, 3.5.
Expected changes in Firefox 3.5 include faster execution of web-based JavaScript programs, a private-browsing mode, native support for the JSON (JavaScript Object Notation) technology for exchanging data between servers and browsers, and built-in audio and video abilities for bypassing Flash or other multimedia technologies.
In March, security-testing company Secunia reported that Mozilla had more vulnerabilities in its web browser last year than Internet Explorer, Safari and Opera combined, but that Mozilla dealt with those flaws more quickly than Microsoft did.
Meanwhile, Firefox continues to chip away at Internet Explorer's market dominance. Mozilla now has 22.05 percent of the global browser market share, compared with IE's 66.82 percent, a drop of more than seven percentage points in a year, according to figures from web-metrics company Net Applications.
Updates for Windows, Mac OS X, and Linux are available at the Mozilla site. Firefox 3 users will receive an update notification within 48 hours, or they can download the update manually by selecting "Check for Updates" from the Help menu.
CNET News.com's Seth Rosenblatt contributed to this report.
