Security Management Strategies for the CIOIn bulletin MFSA 2008-42, holes in the browser's graphics and image rendering engines were repaired. Mozilla said the flaws "showed evidence of memory corruption under certain circumstances." The bulletin was rated critical.
Bulletin MFSA 2008-41 addresses a series of vulnerabilities that could be exploited "to pollute XPCNativeWrappers and have arbitrary code run with chrome privileges," Mozilla said. The bulletin was also rated critical.
The French Security Incident Response Team (FrSIRT) warned in its advisory that the vulnerabilities could be exploited by attackers to "bypass security restrictions, disclose sensitive information, cause a denial of service or take complete control of an affected system." FrSIRT identified 10 flaws that could be exploited by an attacker.
In two bulletins rated moderate, Mozilla addressed several flaws which allowed a directory traversal on Linux and an error that allowed the restrictions imposed on local HTML files to be bypassed. The error could let an attacker read information about a system, Mozilla said.
A click-hijacking vulnerability
Requires Free Membership to View
SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!
Michael S. Mimoso, Editorial Director
was also repaired. The vulnerability had potential to allow an attacker to trick a user into downloading a file or perform other drag-and-drop actions, Mozilla said.
Danish vulnerability clearinghouse Secunia rated the Mozilla update "highly critical." In its advisory, Secunia said the combination of vulnerabilities could allow an attacker to execute arbitrary code.
Join the conversationComment
Share
Comments
Results
Contribute to the conversation