Article

Mozilla fixes potential DoS flaws in firefox

Bill Brenner, Senior News Writer

Mozilla has released updated versions of its popular Firefox browser, fixing security flaws attackers could exploit to access sensitive information, cause a denial of service or run malicious code on targeted machines. For Firefox 1.5 users, this is the final update.

"As part of the Firefox 2.0.0.4 and 1.5.0.12 update releases Mozilla developers fixed many bugs to improve the stability of the product,"

    Requires Free Membership to View

Mozilla said in an advisory. "We presume that with enough effort at least some of these [flaws] could be exploited to run arbitrary code."

Mozilla update:
Mozilla to issue its final Firefox 1.5 fix: Mozilla is nudging users to make the switch to version 2.0.

The French Security Incident Response Team (FrSIRT) said in an advisory that the first problem is a series of memory corruption errors in the layout and JavaScript engines when malformed data is parsed. Attackers could exploit this to crash a vulnerable application or run malicious code. The second problem is an error within the autocomplete feature when overly long text fields are processed. Malicious Web sites could exploit this to crash an affected browser or exhaust all available memory resources, causing a denial of service.

Mozilla also fixed input validation errors in how cookie path and name values are processed, which attackers could exploit to cause a denial of service; and weakness in the APOP authentication that could allow attackers to access sensitive information.

Also fixed was an error in the "nsEventReceiverSH::AddEventListenerHelper()" [nsDOMClassInfo.cpp] function attackers could exploit to bypass the browser's same-origin policy and access or modify data from arbitrary sites by tricking a user into visiting a specially crafted Web page.

Finally, Mozilla fixed an error in how XUL popups are handled. Attackers could exploit this to spoof or hide parts of the browser chrome such as the location bar.

This is the final security update for Firefox 1.5. Mozilla will now nudge users to make the switch to Firefox 2.0.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: