Article

Mozilla issues update to repair critical Firefox flaws

SearchSecurity.com Staff
Mozilla issued an update to its Firefox browser, plugging a number of critical flaws in browser processes that could be exploited by an attacker to gain access to sensitive data.

In bulletin MFSA 2008-42, holes in the browser's

    Requires Free Membership to View

graphics and image rendering engines were repaired. Mozilla said the flaws "showed evidence of memory corruption under certain circumstances." The bulletin was rated critical.

Bulletin MFSA 2008-41 addresses a series of vulnerabilities that could be exploited "to pollute XPCNativeWrappers and have arbitrary code run with chrome privileges," Mozilla said. The bulletin was also rated critical.

The French Security Incident Response Team (FrSIRT) warned in its advisory that the vulnerabilities could be exploited by attackers to "bypass security restrictions, disclose sensitive information, cause a denial of service or take complete control of an affected system." FrSIRT identified 10 flaws that could be exploited by an attacker.

In two bulletins rated moderate, Mozilla addressed several flaws which allowed a directory traversal on Linux and an error that allowed the restrictions imposed on local HTML files to be bypassed. The error could let an attacker read information about a system, Mozilla said.

A click-hijacking vulnerability was also repaired. The vulnerability had potential to allow an attacker to trick a user into downloading a file or perform other drag-and-drop actions, Mozilla said.

Danish vulnerability clearinghouse Secunia rated the Mozilla update "highly critical." In its advisory, Secunia said the combination of vulnerabilities could allow an attacker to execute arbitrary code.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: