Critical Firefox, Safari flaws addressed |
 |
By SearchSecurity.com Staff
14 Nov 2008 | SearchSecurity.com |
|
|
Mozilla and Apple released updates to their browsers this week, addressing serious flaws that could allow an attacker to access critical files and take control of a victim's computer.
|
| SearchSecurity.com: |
| To get security news and tips delivered to your inbox, click here to sign up for our free newsletter. |
|
|
|
|
Mozilla released Firefox 3.04, addressing about 10 errors in previous versions of the popular Web browser. Four of the flaws were rated critical by Mozilla. Many of the flaws could be exploited by an attacker to access sensitive information and gain access to a user's machine.
Mozilla addressed memory corruption issues and browser engine errors that could cause the browser to crash. Several Firefox errors allow an attacker to pass malicious JavaScript code to bypass browser security restrictions.
Danish vulnerability clearinghouse Secunia issued an alert giving the flaws a highly critical rating. Secunia said the rating was given since an attacker could potentially exploit some of the flaws remotely and gain access to system information.
Meanwhile, Apple issued version 3.2 of its Safari browser this week, which could be exploited by an attacker to gain access to sensitive data and take control of a victim's system. Secunia gave the flaws a highly critical rating.
Apple addressed graphics handling errors that could cause a heap-based buffer overflow, crashing the browser. Image processing errors could allow an attacker to pass malicious code.
The French Security Incident Response Team (FrSIRT) issued an advisory giving the flaws a critical rating.
"These issues are caused by buffer overflow, uninitialized memory access, memory corruption, signedness and design errors when processing malformed data," FrSIRT said.
|
|
|
|
