
Mozilla fixes Firefox critical memory corruption errors

SearchSecurity.com Staff

Mozilla has released an update to its Firefox browser, fixing serious memory corruption errors as well as vulnerabilities that could enable spoofing attacks.

Five bulletins, one critical, address nine vulnerabilities in the popular browser. The browser maker is urging users to update to Firefox 3.5.6 or 3.0.16.

The critical Firefox bulletin addresses four stability vulnerabilities in the browser engine, repairing coding errors that cause memory corruption and could be exploited by an attacker to run malicious code on a victim's system.

"We presume that with enough effort at least some of these could be exploited to run arbitrary code," Mozilla said in its advisory.

A highly rated bulletin addresses a flaw in Mozilla's support of Microsoft's NT LAN Manager (NTLM) challenge-response authentication protocol, used on Windows-based corporate networks. The flaw, discovered by IBM X-Force, could allow an attacker to set up a malicious Web page to steal credentials and then forward them from one application to another application using Firefox.

Other errors repaired by Mozilla include two vulnerabilities that could enable an attacker to conduct spoofing attacks. A privilege escalation error could enable attackers to run malicious JavaScript code with chrome privileges. An ActiveX error could give an attacker the ability to track a user across browsing sessions.

