Article

Mozilla patches 11 Firefox security flaws, JavaScript errors

Robert Westervelt, News Director

Mozilla Foundation updated its Firefox browser late Thursday, deploying fixes to 11 vulnerabilities, including six critical flaws, mostly JavaScript related, which could be used by an attacker to run arbitrary code and gain access to system files.

Firefox 3.0.11

    Requires Free Membership to View

patches critical memory corruption errors, a race condition and a JavaScript chrome privilege escalation. Most user browsers will be updated automatically to the latest version.

In its list of advisories, Mozilla said the JavaScript chrome privilege escalation allows scripts from page content to run with elevated privileges. Several memory corruption errors were fixed, stabilizing the browser engine.

Recent FireFox updates:
FireFox 3.0.10 - Mozilla patches a dozen Firefox vulnerabilities: The flaws expose users to URL spoofing, cross-site scripting, code injection and code execution attacks.

FireFox 3.0.9 - Firefox update addresses several security flaws Mozilla's release repairs a critical vulnerability that could have been exploited to run arbitrary code.

FireFox 3.0.8 -
Firefox update blocks proof-of-concept code: Mozilla updated Firefox to repair several flaws, including a critical zero-day flaw.

"Some of these crashes showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code," Mozilla said.

Mozilla said a race condition existed, allowing an attacker to write to freed memory under a certain condition if a person navigated away from a webpage during the loading of a Java applet. The browser maker also repaired a condition in which event listeners may be executed within the wrong JavaScript context.

"An attacker could potentially use this vulnerability to have a malicious event handler execute arbitrary JavaScript with chrome privileges," Mozilla said. Less critical vulnerabilities included:

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: