Fixed in Firefox 3.0.11

Firefox 3 釋出功能與安全性更新版。

Release Date:

June 11, 2009

Security Update:

• MFSA 2009-32 JavaScript chrome privilege escalation
• MFSA 2009-31 XUL scripts bypass content-policy checks
• MFSA 2009-30 Incorrect principal set for file: resources loaded via location bar
• MFSA 2009-29 Arbitrary code execution using event listeners attached to an element whose owner document is null
• MFSA 2009-28 Race condition while accessing the private data of a NPObject JS wrapper class object
• MFSA 2009-27 SSL tampering via non-200 responses to proxy CONNECT requests
• MFSA 2009-26 Arbitrary domain cookie access by local file: resources
• MFSA 2009-25 URL spoofing with invalid unicode characters
• MFSA 2009-24 Crashes with evidence of memory corruption (rv:1.9.0.11)

Several issues were reported with the internal database, SQLite, which have now been fixed by upgrading to a newer version.

Fixed an issue where, in some specific cases, the bookmarks database would become corrupt. (bug 464486)

Sage_PCADV

不太清楚 PCADV 的 rss 有什麼問題，只知道每當 PCADV 推出每月最佳 C/P 值的顯示卡文章時，我的 Sage 就會掛點，會出現 Javascript 錯誤，似乎陷入超長迴圈。

Sage CE

Fixed in Firefox 3.0.10

Firefox 3 釋出功能與安全性更新版。

Release Date:

April 27, 2009

Security Update:

• MFSA 2009-23 Crash in nsTextFrame::ClearTextRun()

Fixed a major stability issue.

Fixed in Firefox 3.0.9

Firefox 3 釋出功能與安全性更新版。

Release Date:

April 21, 2009

Security Update:

• MFSA 2009-22 Firefox allows Refresh header to redirect to javascript: URIs
• MFSA 2009-21 POST data sent to wrong site when saving web page with embedded frame
• MFSA 2009-20 Malicious search plugins can inject code into arbitrary sites
• MFSA 2009-19 Same-origin violations in XMLHttpRequest and XPCNativeWrapper.toString
• MFSA 2009-18 XSS hazard using third-party stylesheets and XBL bindings
• MFSA 2009-17 Same-origin violations when Adobe Flash loaded via view-source: scheme
• MFSA 2009-16 jar: scheme ignores the content-disposition: header on the inner URI
• MFSA 2009-15 URL spoofing with box drawing character
• MFSA 2009-14 Crashes with evidence of memory corruption (rv:1.9.0.9)

Fixed several stability issues.

Official releases for the Bulgarian, Marathi, and Occitan languages are now available.

Many users experienced an issue where a corrupt local database caused Firefox to “lose” its stored cookies. (bug 470578)

Fixed an issue where, starting with Firefox 3.0.7, inline image attachments on popular webmail services (like AOL and AIM) would not display. (bug 482659)

Large forms would sometimes take a long time to submit. (bug 426991)

In certain cases, new windows would not have proper focus. (bug 446568)

Fixed in Firefox 3.0.8

Firefox 3 釋出功能與安全性更新版。

Release Date:

March 27, 2009

Security Update:

• MFSA 2009-13 Arbitrary code execution through XUL <tree> element
• MFSA 2009-12 XSL Transformation vulnerability