Firefox Patches 11 Security Vulnerabilities

Mozilla Corp issued a patch on Tuesday that fixed 11 vulnerabilities in Firefox version 3.0. More than half of them were labeled critical. The updates cover Windows, Mac OS X and Linux.

Firefox had four stability bugs in the browser’s graphics rendering, layout and JavaScript engines that can crash the program and might be exploitable with malicious code.

“Some of these crashes showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code,” Mozilla said in a statement.

While some updates addressed Firefox version 2.0, Mozilla urged all users to upgrade to the latest 3.0 version of its Web browser.

Another bug was described as a variant of a “click-hijacking” vulnerability first reported in Microsoft Corp’s Internet Explorer. Microsoft first patched the bug in 2003, then patched it again the following year. The Firefox variant could be used to force a user to download a file.

Other issues were addressed in Firefox 3.0.2, including several stability problems and a bug that caused browsers with customized toolbars to delete the back and forward buttons.