Firefox Updated to 2.0.0.14 to Fix Memory Leak

[ganeshbala]

Firefox Updated to 2.0.0.14 to Fix Memory Leak

Mozilla has finally patched that memory leak bug in its JavaScript engine, updating Firefox to version 2.0.0.14. Firefox users have long complained about problems with some JavaScript pages, which caused Firefox to slow down and eventually crash.

"This is being fixed primarily to address stability concerns. We have no demonstration that this particular crash is exploitable but are issuing this advisory because some crashes of this type have been shown to be exploitable in the past," Mozilla said.

The problems were "introduced" by the 2.0.0.13 version, attempting to fix security problems in the JavaScript engine. At the time, Mozilla issued an update to correct memory corruption under certain circumstances which, with enough effort, could theoretically be exploited to run arbitrary code. However, the fix introduced stability issues during JavaScript garbage collection.

The garbage collector in JavaScript is designed to reclaim memory space which is not longer needed and returns it to the system. Thunderbird has not been updated since early February and since it uses the same engine as Firefox, its stability issue was not corrected yet. For maximum security, Mozilla recommends that users disable JavaScript support in Thunderbird to avoid.

To update to version 2.0.0.14, users can either wait until the browser's automatic updater kicks in or they can either call on the updater from the help menu or download the program from firefox.com.

Source: eflux