June 12, 2009

Mozilla releases security fixes for Firefox

The Firefox web browser has been patched for security flaws, four of which were identified as "critical" by Mozilla.

A total of nine security flaws were fixed in the new release.

The patches include a fix for flaws such as one that allows scripts from page content to run with elevated privileges. With this, an attacker could cause an object such as a browser sidebar to interact with web content so that an attacker's code had elevated privileges.

Another bug fixed involved a condition that resulted when navigating away from a web page during the loading of a Java applet. This could have resulted in freed memory that an attacker could write to before it is reused -- and then run arbitrary code on the victim's computer.

The other critical issues were problems of memory corruption crashes, which could be exploited to run arbitrary code, and null owner document event listeners, which could enable a malicious event handler to execute arbitrary JavaScript code.

The new version of Firefox, 3.0.11, is available for Windows, Mac and Linux users. Mozilla said that it strongly recommends that users upgrade to the latest release.

 

Related Articles
Related Topics

More in News

Privacy-bolstering "Apps Act" introduced in House

The bill would provide consumers nationwide with similar protections already enforced by a California law.

Microsoft readies permanent fix for Internet Explorer bug used in energy attacks

Microsoft is prepping a whopper of a security update that will close 33 vulnerabilities, likely including an Internet Explorer (IE) flaw that has been used in targeted website attacks against the U.S. government.

Weakness in Adobe ColdFusion allowed court hackers access to 160K SSNs

Up to 160,000 Social Security numbers and one million driver's license numbers may have been accessed by intruders.