Mozilla and Apple released updates to their browsers this week, addressing serious flaws that could allow an attacker...
to access critical files and take control of a victim's computer.
Mozilla released Firefox 3.04, addressing about 10 errors in previous versions of the popular Web browser. Four of the flaws were rated critical by Mozilla. Many of the flaws could be exploited by an attacker to access sensitive information and gain access to a user's machine.
Danish vulnerability clearinghouse Secunia issued an alert giving the flaws a highly critical rating. Secunia said the rating was given since an attacker could potentially exploit some of the flaws remotely and gain access to system information.
Meanwhile, Apple issued version 3.2 of its Safari browser this week, which could be exploited by an attacker to gain access to sensitive data and take control of a victim's system. Secunia gave the flaws a highly critical rating.
Apple addressed graphics handling errors that could cause a heap-based buffer overflow, crashing the browser. Image processing errors could allow an attacker to pass malicious code.
"These issues are caused by buffer overflow, uninitialized memory access, memory corruption, signedness and design errors when processing malformed data," FrSIRT said.