July 18, 2012

Mozilla releases Firefox 14 to close several major holes

Mozilla on Tuesday released Firefox version 14.0.1 to patch a slew of vulnerabilities. Five of the 18 bugs fixed are labeled as “critical,” giving attackers the ability to run malicious software. According to Mozilla's Security Advisories post, two of the most concerning flaws were discovered in the “javascript: URL,” which could allow miscreants to evade the JavaScript sandbox to execute malicious code, as well as “JSDependentString,” which may enable attackers to crash the browser and corrupt memory. The remaining vulnerabilities, if not patched, could facilitate the execution of arbitrary code, cross-site scripting and phishing attacks.

[An earlier version of this story incorrectly stated that 14 vulnerabilities were patched, when it was actually 18].

Related Articles
Related Topics

Sign up to our newsletters

More in News

Three LulzSec members plead guilty in London

Ryan Ackroyd, 26; Jake Davis, 20; and Mustafa al-Bassam, 18, who was not named until now because of his age, all admitted their involvement in the hacktivist gang's attack spree.

WordPress tightens security with two-factor authentication

The new feature is immediately available for users and "secret" codes can be accessed via SMS or through the Google Authenticator app.

Microsoft fixes three "critical" flaws with Patch Tuesday release

The biggies are two vulnerabilities in Internet Explorer and a single weakness in Remote Desktop Connection.