Critical flaws fixed in Firefox 3.5.4

If your a user of the Firefox web browser then it’s time to update your software again, as Mozilla has issued an important update that fixes a number of critical flaws.

In total, 16 vulnerabilities are patched in Firefox 3.5.4 – with 11 given the highest rating of “critical”. What does that mean? Well, according to Mozilla’s own website a “critical” vulnerability is one which “can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.”

In other words, critical vulnerabilities can be used to invisibly install and run malicious code on your computer – such as a Trojan horse or worm.

As we revealed in the Sophos Threat Report [PDF] published earlier this year, SophosLabs sees in excess of 23,000 new malicious webpages every day – infected with the intention of compromising your computer. So it’s really important that alongside running up-to-date with anti-virus software, you ensure your web browser – whether it be Firefox, Internet Explorer, Safari, Opera, or something else – is protected with the latest patches.

The update is now available from the Mozilla website, but hopefully most existing users will be pestered into updating by Firefox’s auto-update facility.

Firefox’s security is becoming ever more important as it creeps up on Microsoft Internet Explorer’s pole position as number one browser for the web. It is estimated that there are now over 330 million users of Firefox - more than the population of the United States!

by Graham Cluley, Sophos