Mozilla Firefox is an open source Web browser.Several flaws were found in the processing of malformed web content. A webpage containing malicious content could cause Firefox to crash or,potentially, execute arbitrary code as the user running Firefox.(CVE-2008-5500, CVE-2008-5501, CVE-2008-5502, CVE-2008-5511, CVE-2008-5512,CVE-2008-5513)Several flaws were found in the way malformed content was processed. Awebsite containing specially-crafted content could potentially trick aFirefox user into surrendering sensitive information. (CVE-2008-5506,CVE-2008-5507)A flaw was found in the way Firefox stored attributes in XML User InterfaceLanguage (XUL) elements. A web site could use this flaw to track usersacross browser sessions, even if users did not allow the site to storecookies in the victim's browser. (CVE-2008-5505)A flaw was found in the way malformed URLs were processed by Firefox.This flaw could prevent various URL sanitization mechanisms from properlyparsing a malicious URL. (CVE-2008-5508)A flaw was found in Firefox's CSS parser. A malicious web page could injectNULL characters into a CSS input string, possibly bypassing anapplication's script sanitization routines. (CVE-2008-5510)For technical details regarding these flaws, please see the Mozillasecurity advisories for Firefox 3.0.5. You can find a link to the Mozillaadvisories in the References section.Note: after the errata packages are installed, Firefox must be restartedfor the update to take effect.All firefox users should upgrade to these updated packages, which containbackported patches that correct these issues.