Problems in Firefox 3.0.13 allows password theft and failure in version 3.5.2 is low risk.

Mozilla announced the fix three security flaws in browsers Firefox 3.5 and Firefox 3.0, on Tuesday (4/8).

Among the fixes, two are meant to version 3.0.13, which will have their support discontinued in January 2010, and one for version 3.5.2 of open source browser.

The flaws in Firefox 3.0.13 were revealed last Thursday (30/7) by a security consultant IOActive the company, Dan Kaminsky, during the Black Hat conference in Las Vegas, USA.

In version 3.0, the vulnerability in the standard protocol for data encryption Firefox, Secure Socket Layer (SSL) can be exploited allowing attackers to steal passwords or accept that the Internet malicious software that can search your machine.

Firefox 3.5.2 has already won a fix for a problem of response on the browser and SOCKS5 proxy, that Mozilla ranked as a low threat level.

The same problem had been fixed in Firefox 3.0.12 on a package of fixes released by Mozilla on July 21 . It is unclear whether the organization forgot to do the same with version 3.5.1 of the browser. Mozilla has not commented about it.

According to the company's online data analysis, Net Applications, Firefox recorded 22.5% global market share at the browser in July, three in four users still surfing the web browser version 3.0, not for Firefox 3.5 .

) podem ser baixadas para os sistemas operacionais Windows, Mac OS X e Linux, mas os usuários podem acessar a área de atualizações do navegador ou esperar pela correção automática nas próximas 48 horas. Updated versions of Firefox ( 3.5.2 and 3.0.13 ) can be downloaded for Windows operating systems, Mac OS X and Linux, but users can access the area of browser updates or wait for automatic correction in the next 48 hours.

Source: http://idgnow.uol.com.br/seguranca/2009/08/04/mozilla-corrige-tres-falhas-no-firefox/