July 18, 2012

Mozilla releases Firefox 14 to close several major holes

Mozilla on Tuesday released Firefox version 14.0.1 to patch a slew of vulnerabilities. Five of the 18 bugs fixed are labeled as “critical,” giving attackers the ability to run malicious software. According to Mozilla's Security Advisories post, two of the most concerning flaws were discovered in the “javascript: URL,” which could allow miscreants to evade the JavaScript sandbox to execute malicious code, as well as “JSDependentString,” which may enable attackers to crash the browser and corrupt memory. The remaining vulnerabilities, if not patched, could facilitate the execution of arbitrary code, cross-site scripting and phishing attacks.

[An earlier version of this story incorrectly stated that 14 vulnerabilities were patched, when it was actually 18].

Related Articles
Related Topics

More in News

Privacy-bolstering "Apps Act" introduced in House

The bill would provide consumers nationwide with similar protections already enforced by a California law.

Microsoft readies permanent fix for Internet Explorer bug used in energy attacks

Microsoft is prepping a whopper of a security update that will close 33 vulnerabilities, likely including an Internet Explorer (IE) flaw that has been used in targeted website attacks against the U.S. government.

Weakness in Adobe ColdFusion allowed court hackers access to 160K SSNs

Up to 160,000 Social Security numbers and one million driver's license numbers may have been accessed by intruders.