Firefox update addresses multiple security issues
Mozilla on Wednesday issued Firefox 3.0.7, which fixes multiple security issues that could potentially cause an attacker to run arbitrary code on a victim's computer, cause a denial-of-service condition, obtain sensitive information, or spoof the location bar, according to an advisory from US-CERT Thursday.Three of the issues were rated critical, one was rated high, and one was rated low on Mozilla's rating scale. All the issues affect Firefox, Thunderbird and SeaMonkey products, according to Mozilla's security advisories.
The browser engine vulnerability titled “crashes with evidence of memory corruption (rv:1.9.0.7),” rated critical, involves several stability bugs in Firefox and other Mozilla products. Some of these crashes showed evidence of memory corruption under certain circumstances and could, with enough effort by an attacker, potentially be exploited to run arbitrary code, Mozilla said. The SANS Internet Storm Center said in a post Wednesday that this was the most critical issue fixed.
Also listed as critical: A vulnerability involving several memory safety hazards in PNG libraries used by Mozilla. A separate critical vulnerability in Mozilla's garbage collection process is caused by improper memory management of a set of cloned XUL DOM elements linked as a parent and child. Both vulnerabilities could cause a victim's browser to crash and an attacker to potentially run arbitrary code, Mozilla said in its advisories.
Listed as high in severity is a vulnerability that would enable a malicious website to use nsIRDFService and a cross-domain redirect to steal XML data.
“This vulnerability could be used by a malicious website to steal private data from users authenticated to the redirected website,” Mozilla said in its security advisory for the vulnerability.
The vulnerability dubbed “URL spoofing with invisible control characters,” rated low, could be used to spoof the location bar and display a misleading URL for a malicious web page.
Mozilla noted that since Thunderbird shares the browser engine with Firefox, it could be vulnerable if JavaScript were to be enabled in email – though this is not the default setting. Mozilla “strongly discouraged” users from running JavaScript in mail.
