Article

Mozilla fixes several Firefox flaws

Bill Brenner

Mozilla has updated its Firefox browser to close seven different security holes, capping off a busy week for IT administrators who've had to deal with Microsoft's monthly patch release and security fixes

    Requires Free Membership to View

for Apple QuickTime and Adobe Flash Player.

Mozilla released Firefox 1.5.0.7 to address flaws that could expose systems to man-in-the-middle, spoofing and cross-site scripting attacks.

Danish vulnerability clearinghouse Secunia described the flaws its advisory:

  • The first problem is in how Firefox handles JavaScript regular expressions containing a minimal quantifier. Attackers could exploit the flaw to cause a heap-based buffer overflow and launch malicious code.

  • The second problem is that users might accept an unverifiable self-signed certificate when visiting a Web site, which could allow an attacker to redirect the update check to a malicious Web site in a man-in-the-middle attack.

  • The third problem are time-dependent errors that surface during text display that could be exploited to corrupt memory and launch malicious code.

  • The fourth problem exists within the verification of certain signatures in the bundled Network Security Services (NSS) library.

  • The fifth problem is an error in cross-domain handling that could be exploited to inject arbitrary HTML and script code in a sub-frame of another Web site via a "[window].frames[index].document.open()" call.

  • The sixth problem is an error that appears in certain situations when blocked popups are opened incorrectly from the status bar via the "blocked popups" function. This could be exploited to execute arbitrary HTML and script code in a user's browser session in context of an arbitrary Web site.

  • The seventh problem involves some unspecified memory corruption errors that could be exploited to launch malicious code.
  • There are Comments. Add yours.

     
    TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

    REGISTER or login:

    Forgot Password?
    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
    Sort by: OldestNewest

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to: