In bulletin MFSA 2008-42, holes in the browser's
Bulletin MFSA 2008-41 addresses a series of vulnerabilities that could be exploited "to pollute XPCNativeWrappers and have arbitrary code run with chrome privileges," Mozilla said. The bulletin was also rated critical.
The French Security Incident Response Team (FrSIRT) warned in its advisory that the vulnerabilities could be exploited by attackers to "bypass security restrictions, disclose sensitive information, cause a denial of service or take complete control of an affected system." FrSIRT identified 10 flaws that could be exploited by an attacker.
In two bulletins rated moderate, Mozilla addressed several flaws that allowed a directory traversal on Linux, as well as an error that allowed the restrictions imposed on local HTML files to be bypassed. The error could let an attacker read information about a system, Mozilla said.
A click-hijacking vulnerability was also repaired. The vulnerability had the potential to allow an attacker to trick a user into downloading a file or performing other drag-and-drop actions, Mozilla said.
Danish vulnerability clearinghouse Secunia rated the Mozilla update "highly critical." In its advisory, Secunia said the combination of vulnerabilities could allow an attacker to execute arbitrary code.