» 28 October 2009
Latest Firefox Corrects Serious Security Issues

Responding to its considerable user base, Mozilla has released Firefox 3.5.4. The release includes a multitude of patches and fixes that address several critical security issues, glitches, and bugs that plagued past iterations of the popular web browser.

For instance, the Mozilla development team has fixed crashes in which the browser corrupts its own memory. These browser engine stability bugs (which are also present in Mozilla-based applications other than Firefox) have been identified, analyzed, and fixed. The developers acknowledged that the memory corruption behind these sudden crashes could be exploited by hackers to run arbitrary code as well.

Mozilla has also corrected a number of memory safety and stability errors identified by members of the Mozilla community by upgrading Firefox's third-party media-rendering libraries. The discovered bugs could possibly be abused by a hacker to crash a target's browser and run arbitrary code on their machine. Therefore, liboggplay, libvorbis, and liboggz have all been upgraded to resolve these security issues.

When Firefox downloads a file whose filename contains an RTL (right-to-left) override character, the name of the file shown in the dialog title bar is usually different from the name displayed in the dialog body. A hacker could abuse this glitch to spoof the file extension and name of a download, which could possibly cause a user to download an executable (i.e., malicious) program instead of a normal, non-executable file. Mozilla has dealt with this issue in the latest upgrade.
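The mismatch described above comes from the renderer reordering characters while the stored name is unchanged. The following is an added example, not code from Mozilla or the original article, showing how a download handler or log reviewer could flag such names; the function names and the extension list are assumptions made for illustration.

```javascript
// Added example (not Firefox code): flag Unicode bidi controls in download filenames.
// Covers ALM, LRM/RLM, embeddings and overrides (incl. U+202E RLO), and isolates.
const BIDI_CONTROLS = /[\u061C\u200E\u200F\u202A-\u202E\u2066-\u2069]/g;

// Assumption: a short, illustrative list of extensions to treat as executable.
const EXECUTABLE_EXTENSIONS = new Set(["exe", "scr", "com", "bat", "cmd", "pif", "msi", "vbs"]);

function extensionOf(name) {
  const dot = name.lastIndexOf(".");
  return dot > 0 && dot < name.length - 1 ? name.slice(dot + 1).toLowerCase() : "";
}

// Replace each control with a visible marker so a dialog or log shows the stored order.
function makeVisible(name) {
  return name.replace(BIDI_CONTROLS, (c) =>
    "<U+" + c.codePointAt(0).toString(16).toUpperCase().padStart(4, "0") + ">");
}

function inspectFilename(name) {
  const positions = [...name.matchAll(BIDI_CONTROLS)].map((m) => m.index);
  const sanitized = name.replace(BIDI_CONTROLS, "");
  // The OS acts on the stored (logical) character order, not the rendered order.
  const logicalExtension = extensionOf(sanitized);
  const executable = EXECUTABLE_EXTENSIONS.has(logicalExtension);
  return {
    hasBidiControls: positions.length > 0,
    positions,
    visible: makeVisible(name),
    sanitized,
    logicalExtension,
    suspicious: positions.length > 0 && executable,
  };
}

// Constructed sample names; the second one renders with a ".pdf"-looking tail.
const SAMPLES = ["summary.pdf", "report\u202Efdp.exe", "notes\u200F.txt"];
for (const name of SAMPLES) {
  console.log(JSON.stringify(inspectFilename(name)));
}
```

Showing the `visible` form in both the title bar and the body of a dialog keeps the two displays consistent, and `logicalExtension` is the value to compare against any file-type policy.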

One other security issue that Mozilla has patched involves Firefox's document.getSelection function, which can be used for cross-origin data theft in violation of the same-origin policy. More to the point, JavaScript running in another domain can read the text within a selection on a website via this function. It's a mostly moderate safety concern because it requires actual user interaction before it can be exploited.

Mozilla has also identified a heap-based buffer overflow within the Firefox string to floating point number conversion routines. It enables an attacker to craft a malicious JavaScript string that could cause improper memory allocation and the execution of an arbitrary memory location. It's yet another security hole that can be exploited to execute malicious code on a targeted machine.

© Copyright 1999-2012: SecPoint®