Mozilla issued an update fixing several dangerous cross-site-scripting (XSS) flaws that could allow an attacker...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
to run malicious code and gain access to critical system files.
The flaws can be found in versions 2 and 3 of the Firefox browser. Firefox 3.0.5 fixes an XSS flaw in SessionStore, a session restore feature, which contains an error that could be manipulated to inject malicious code into the browser.
Danish vulnerability clearinghouse Secunia gave the flaws a highly critical rating. In its advisory, Secunia said some of the errors addressed by Mozilla allow an attacker to bypass cookie settings and identify specific users in browsing sessions.
In addition, Mozilla announced that it is dropping support of FireFox 2. The latest security update will be the last for the older version of the browser. Phishing protection, which communicates with Google to identify possible phishing sites is also being dropped in Firefox 2. Mozilla is urging users to upgrade to the latest version.