patched eight flaws in its products on Thursday, including “critical” issues in Firefox
, Thunderbird and SeaMonkey.
Firefox version 220.127.116.11 includes a cumulative fix for bugs leading to crashes and a fix for the way Script object modifies XPCNativeWrappers.
Mozilla disclosed on Thursday that some of the crash-causing issues could eventually be exploited to run arbitrary code
on a victimized PC.
The distribution also patched a flaw in Firefox for Windows XP
with Internet Explorer 7
installed that occurs with a malformed URI. Billy (BK) Rios and Nate Mcfeters were credited with disclosing the flaw.
The fix detects when Windows would mishandle such URIs so that the wrong program does not get launched, according to Mozilla's advisory
The Mountain View, Calif.-based company also patched a “moderate” flaw in Firefox and SeaMonkey that could allow file stealing through a URI scheme.
The vulnerability, reported by Georgi Guninski, can be exploited if an attacker stores a malicious page on a server and lures a victim into loading it.
Also fixed were moderate flaws in Digest Authentication request splitting and file upload control, as well as low-danger flaws in XUL pages and onUnload Tailgating.
The group of flaws earned a “critical” ranking from FrSIRT
in an advisory
released today, and a “highly critical” ranking
Rene Gonzalez, product manager at Lumension
, an endpoint security vendor, said that as Firefox becomes more popular, it will also receive increased attention from researchers.
“The trend seems to be with the browser. Every month they have a new update for the browser, and as it becomes more popular, more vulnerabilities become prominent on the desktop,” Gonzalez told SCMagazineUS.com today.