Firefox update addresses several security flaws

Article

Firefox update addresses several security flaws

The Mozilla Foundation has released an updated edition of its Firefox Web browser that addresses 10 security issues.

    Requires Free Membership to View

    Login

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

Don't miss need-to-know info!

Security pros can't afford to be the last to know. Sign up for email updates from SearchSecurity.com and you'll never be behind the curve!
Foremost among the fixes in Firefox version 3.0.9, made available Tuesday, is a critical vulnerability involving stability bugs in the browser engine used in Firefox and other Mozilla-based products. According to Mozilla's researchers, some crashes showed evidence of memory corruption and could have been exploited to run arbitrary code.

Notable high-level updates include a repair for a flaw that could enable an attacker to use mismatched URLs to execute arbitrary JavaScript within the context of another site, and a fix for a pair of Adobe Flash problems that could, respectively, initiate HTTP requests to arbitrary third-party sites and enable an attacker to perform cross-site request forgery attacks against them, and place cookie-like objects on a user's computer and track them across multiple sites.

See all our coverage of RSA Conference 2009:

SearchSecurity.com and Information Security magazine editors are in San Francisco to bring you the biggest RSA Conference 2009 news stories, interviews, podcasts, videos and more.
This release is the latest in a flurry of Firefox updates so far this year. Mozilla released version 3.0.8 March 28 to mitigate critical issues involving arbitrary code execution via the browser's XUL tree element, and an XSL stylesheet problem that could be used to crash the browser in certain circumstances.

Version 3.0.7, released March 5, repaired five flaws that could have allowed cybercriminals to conduct URL spoofing attacks and other errors that could potentially expose sensitive information. Version 3.0.6, released Feb 3, corrected several memory corruption errors and cross-site scripting flaws that could have been exploited by an attacker to gain access to critical files.