Mozilla fixes Firefox critical memory corruption errors

Serious flaws in Firefox could be used by attackers to gain access to critical files and sensitive data.

Mozilla has released an update to its Firefox browser, fixing serious memory corruption errors as well as vulnerabilities that could enable spoofing attacks.

Five bulletins, one critical, address nine vulnerabilities in the popular browser. The browser maker is urging users to update to Firefox 3.5.6 or 3.0.16.

The critical Firefox bulletin addresses four stability vulnerabilities in the browser engine, repairing coding errors that cause memory corruption and could be exploited by an attacker to run malicious code on a victim's system.

"We presume that with enough effort at least some of these could be exploited to run arbitrary code," Mozilla said in its advisory.

A highly rated bulletin addresses a flaw in Mozilla's support of Microsoft's NT LAN Manager (NTLM) challenge-response authentication protocol, used on Windows-based corporate networks. The flaw, discovered by IBM X-Force, could allow an attacker to set up a malicious Web page to steal credentials and then forward them from one application to another application using Firefox.

Other errors repaired by Mozilla include two vulnerabilities that could enable an attacker to conduct spoofing attacks. A privilege escalation error could enable attackers to run malicious JavaScript code with chrome privileges. An ActiveX error could give an attacker the ability to track a user across browsing sessions.
