- home
- reviews
- news
- downloads
- cnet tv
HOLIDAY HELP DESK: Broadcasting live at 1:00 p.m., PT
- log in
- join CNET
- welcome,
- my profile
- log out

CNET.com

The Download Blog

March 28, 2009 1:12 AM PDT

Two security holes patched in Firefox 3.0.8

by Seth Rosenblatt

Correction and update:This post was updated at 1:53 p.m. with a corrected headline (the word "patched" was missing) and additional and winnowed information on the security holes.)

Mozilla published a critical security upgrade for Firefox Friday evening. Version 3.0.8 for Windows, Mac, and Linux fixes two security holes listed as "critical."

One patched an arbitrary code execution hole through an XUL element, and the other corrected an XSL stylesheet exploit. Both fixes patch crash-based security holes in which remote codes could have been run.

The release notes for Firefox 3.0.8 are available here.

Seth peers into the deep, dark corners of software so that you don't have to. He has yet to suffer a single nightmare about OS/2. You can follow him on Twitter.

Topics:: Browsers and extensions,; Mac Software,; Windows Software

Tags:: Mozilla,; Firefox,; security,; bug-fix,; patch

Share:: Digg; Del.icio.us; Reddit; Facebook; Twitter

Recent posts from The Download Blog: So you got an iPhone, now what?; The 10 best new Firefox add-ons of 2009; New Android phone? Start with these free apps; Introducing the Utilities Starter Kit; Using Facebook and Twitter safely; Three free iPhone apps that make shopping easier; The last deal before Christmas; Opera 10.5 pre-alpha goes Chrome hunting

Add a Comment (Log in or register) (25 Comments)

prev
1
next

by futtta March 28, 2009 3:03 AM PDT

Wouldn't "Two security holes fixed in Firefox 3.0.8" be more correct as title?

Like this Reply to this comment


by angelod101 March 28, 2009 5:55 AM PDT: I was thinking the same thing. misleading headlines = more page hits. Kind of lame.; Like this


by EveningStarNM March 28, 2009 6:24 AM PDT: angelod101 might be right, but I didn't bother to read the article after noting the erroneous title. I simply made a mental note that the author, Seth Rosenblatt, might not be paying close enough attention to what he writes. Professional authors should do better.; Like this

by goodspeed8701 March 28, 2009 3:07 AM PDT

Wow... Well its the most secured browser. we are safe.

Like this Reply to this comment


by ElArZ March 28, 2009 3:32 AM PDT: They are fixing bugs, that is much more secure then never finding any.; Like this


by Richimorton March 28, 2009 7:46 AM PDT: I hope your being sarcastic ! I got Hijcked using Firefox so often I had to do a complete Windows Re install & now I use IE8 - so far so good ...............................; Like this


by goodspeed8701 March 28, 2009 11:40 AM PDT: Dont get me wrong guys.... Firefox thinks they are the most secured. Well they have an addon that will keep them more secured from clickjacking.; Like this


by michael_anand March 28, 2009 4:03 AM PDT: I thought the same thing futtta did: there are 2 MORE security holes in firefox 3.0.8; Like this Reply to this comment


by rmva March 28, 2009 5:29 AM PDT: Is there a particular time that the media is not unobservant ? Oh, right. Mondays and Tuesdays.; Like this Reply to this comment


by farker1 March 28, 2009 5:55 AM PDT: The tone of this article is insane, and the headline is misleading. Sounds like it was written by MS.; Like this Reply to this comment


by Magicland March 28, 2009 6:43 AM PDT: With all the people out of work, how come Seth Rosenblatt isn't one of them? Surely cnet can find someone capable of writing a coherent title, if not an entire coherent article.; Like this Reply to this comment


by stufisch March 28, 2009 6:46 AM PDT: DITTO.

Headline Generator must have been give his/her severance package ... and replacement from Mumbai probably mis-translated ....; Like this Reply to this comment

by keano12 March 28, 2009 7:20 AM PDT

You know, you don't have to correct every little thing in this world people, God, don't you bratty Americans have any social life to think oh rather than trying to be perfect? Shish, perfectionists. No one's perfect in this reality we call life you know.

Like this Reply to this comment


by keano12 March 28, 2009 7:26 AM PDT: Oh and by the way, do you guys have the time to check your own comments? Because I read your comments and I saw more errors in it than what George Bush did to America. :) No offense. :) Ohhh Apple fanboy up there. :D; Like this


by cvaldes1831 March 28, 2009 8:19 AM PDT: This is supposed to be a professionally-run media company, with writers, copyreaders, editors, etc.

These types of errors are sheer sloppiness, as if you went to a restaurant and the waiter dropped off uncooked beef instead of the charbroiled steak listed on the menu or were given a pint of bitters when you asked for champagne.

Above all, a technology media company needs to get security announcements right.; Like this


by rmva March 28, 2009 8:40 AM PDT: As much as it pains me, I am going to say something positive about cnet. Before the CBS takeover, everyone at cnet went home at 5 on Friday. Some really serious malware exploded on weekends. Now, at least, they sumarize the really important stories on weekends.; Like this Reply to this comment


by logicbus March 28, 2009 9:08 AM PDT: I have to agree with earlier posters -- The title of this article makes it sound like version 3.0.8 has security holes. It made me think that Mozilla was in a position to quickly put together version 3.0.9. When I checked my version of Firefox and found that it was 3.0.7, I thought that maybe the headline was incorrect. Sure enough. It's an erroneous headline. It's a mistake, and I expected it to be fixed by now.; Like this Reply to this comment


by whattaguy62 March 28, 2009 9:19 AM PDT: You have to remember this is the same news operation that calls Katie Couric its top journalist.; Like this Reply to this comment

by jmdsdf March 28, 2009 10:50 AM PDT

Misleading headline. Firefox is far more secure than Internet Explorer.

Like this Reply to this comment


by goodspeed8701 March 28, 2009 11:43 AM PDT: Wrong!!!; Like this


by SeizeCTRL March 30, 2009 2:34 PM PDT: You can't say WRONG without offering proof. Firefox does not tie directly into the OS so it's far more secure than IE.; Like this


by mirceacn March 28, 2009 12:28 PM PDT: "Two security holes in Firefox 3.0.8" - And this is how you get a bad rating in WOT plugin for Firefox...
EveningStarNM you are right (misleading headlines = more page hits)

Ok I'm going to read the news on softpedia; Like this Reply to this comment


by mmpc1 March 29, 2009 9:15 AM PDT: The only thing that has updated on my laptop is Firefox and I've had problems ever since. Had to go back to IE.; Like this Reply to this comment


by Angmarr March 29, 2009 1:06 PM PDT: common 3.5 where r u ... scooby doo!!!!; Like this Reply to this comment


by queticomn March 30, 2009 12:11 PM PDT: I love FireFox will never look at Ie or Chrome.

One thought though, i was trying to remember the last time Opera Software plugged a security hole on Opera browser?

I do not recall.; Like this Reply to this comment

(25 Comments)

prev
1
next

Search Download Blog posts

About The Download Blog

Download.com editors cover the world of downloadable software and beyond.

Add this feed to your online news reader

The Download Blog topics

download: Site map; Help center; Our software policies; Newsletters; Submit software

Popular topics: Apple iPhone; Apple iPod; Cell phones; CES 2010; GPS; LCD TV

CNET sites: CNET Site map; CNET TV; Downloads; News; Reviews; Shopper.com

More information: Newsletters; CNET Mobile; Customer Help Center; RSS; CNET API; About CNET

©2009 CBS Interactive Inc. All rights reserved.
© 2009 CBS Interactive. All rights reserved.
Privacy Policy (UPDATED)
Visit other CBS Interactive sites:

#networkSites {display:none;}BNET | CHOW | CNET.com | CNET Channel | GameSpot | International Media | mySimon | Search.com | TechRepublic | TV.com | ZDNet

My Lists
My software updates
log in | join CNET