Mozilla fixes potential DoS flaws in Firefox

Firefox versions 2.0.0.4 and 1.5.0.12 fix flaws attackers could exploit to do a variety of damage. Mozilla says this is the final update for Firefox 1.5.

Mozilla has released updated versions of its popular Firefox browser, fixing security flaws attackers could exploit to access sensitive information, cause a denial of service or run malicious code on targeted machines. For Firefox 1.5 users, this is the final update.

"As part of the Firefox 2.0.0.4 and 1.5.0.12 update releases Mozilla developers fixed many bugs to improve the stability of the product," Mozilla said in an advisory. "We presume that with enough effort at least some of these [flaws] could be exploited to run arbitrary code."


The French Security Incident Response Team (FrSIRT) said in an advisory that the first problem is a series of memory corruption errors in the layout and JavaScript engines when malformed data is parsed. Attackers could exploit this to crash a vulnerable application or run malicious code. The second problem is an error within the autocomplete feature when overly long text fields are processed. Malicious Web sites could exploit this to crash an affected browser or exhaust all available memory resources, causing a denial of service.

Mozilla also fixed input validation errors in how cookie path and name values are processed, which attackers could exploit to cause a denial of service, and a weakness in APOP authentication that could allow attackers to access sensitive information.

Also fixed was an error in the "nsEventReceiverSH::AddEventListenerHelper()" [nsDOMClassInfo.cpp] function that attackers could exploit to bypass the browser's same-origin policy and access or modify data from arbitrary sites by tricking a user into visiting a specially crafted Web page.

Finally, Mozilla fixed an error in how XUL popups are handled. Attackers could exploit this to spoof or hide parts of the browser chrome such as the location bar.

This is the final security update for Firefox 1.5. Mozilla will now nudge users to make the switch to Firefox 2.0.
