Mozilla released the latest version of its popular Firefox browser, repairing memory corruption errors and cross-site...
scripting vulnerabilities that could be exploited by an attacker to run malicious code.
Firefox version 3.0.6 includes six advisories, one rated critical, fixing errors in Firefox, Thunderbird and SeaMonkey.
An attack using a vulnerability in Mozilla's SessionStore feature was also repaired. SessionStore saves session data, including open windows and tabs, window size and position, and text typed in forms. Mozilla said an attacker could manipulate a closed tab and if the victim reopens it, malicious scripts in the page can steal the victim's local file.
Other less critical vulnerabilities patched by Mozilla included a chrome privilege escalation attack method using local desktop shortcut files, a XML request error and a cached pages problem.
Danish vulnerability clearinghouse Secunia gave the Mozilla updates a highly critical rating, warning that, if exploited by an attacker, the flaws could be used to gain remote access to sensitive information and certain system files.