Mozilla fixes Firefox critical memory corruption errors


Mozilla has released an update to its Firefox browser, fixing serious memory corruption errors as well as vulnerabilities that could enable spoofing attacks.

Five bulletins, one critical, address nine vulnerabilities in the popular browser. The browser maker is urging users to update to Firefox 3.5.6 or 3.0.16.

The critical Firefox bulletin addresses four stability vulnerabilities in the browser engine, repairing coding errors that cause memory corruption and could be exploited by an attacker to run malicious code on a victim's system.

"We presume that with enough effort at least some of these could be exploited to run arbitrary code," Mozilla said in its advisory.

A highly rated bulletin addresses a flaw in Mozilla's support of Microsoft's NT LAN Manager (NTLM) challenge-response authentication protocol, used on Windows-based corporate networks. The flaw, discovered by IBM X-Force, could allow an attacker to set up a malicious Web page to steal credentials and then forward them from one application to another application using Firefox.

Other errors repaired by Mozilla include two vulnerabilities that could enable an attacker to conduct spoofing attacks. A privilege escalation error could enable attackers to run malicious JavaScript code with chrome privileges. An ActiveX error could give an attacker the ability to track a user across browsing sessions.