Mozilla has released an update to its FireFox browser, fixing serious memory corruption errors as well as vulnerabilities that could enable spoofing attacks.
Five bulletins, one critical, address nine vulnerabilities in the popular browser. The browser maker is urging users to update to Firefox 3.5.6 or 3.0.16.
The critical Firefox bulletin addresses four stability vulnerabilities in the browser engine, repairing coding errors that cause memory corruption and could be exploited by an attacker to run malicious code on a victim's system.
"We presume that with enough effort at least some of these could be exploited to run arbitrary code," Mozilla said in its advisory.
A highly rated bulletin addresses a flaw in Mozilla's support of Microsoft's NT LAN Manager (NTLM) challenge-response authentication protocol, used on Windows-based corporate networks. The flaw, discovered by IBM X-Force could allow an attacker to set up a malicious Web page to steal credentials and then forward them from one application to another application using Firefox.