"Mozilla Corp. today patched eight security vulnerabilities in Firefox, half of them critical memory corruption flaws in the browser's layout and JavaScript engines.

Firefox 3.0.7, the second security update this year to the open-source browser, fixes about the same number of bugs that Mozilla patched a month ago.

Of the eight vulnerabilities, six were rated "critical," one "high" and one "low" in Mozilla's four-step ranking system. The six critical bugs are in Firefox's garbage collection routine, in the PNG libraries used by the browser, and in the layout and JavaScript engines.

Mozilla was uncertain whether the four vulnerabilities patched in the layout and JavaScript engines could be exploited, but assumed as much. "Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code," the accompanying advisory read."

Read more: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9128986