Firefox update addresses several security flaws

By SearchSecurity.com Staff 22 Apr 2009 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Don't miss need-to-know info! Security pros can't afford to be the last to know. Sign up for email updates from SearchSecurity.com and you'll never be behind the curve!

Foremost among the fixes in Firefox version 3.0.9, made available Tuesday, is a critical vulnerability involving stability bugs in the browser engine used in Firefox and other Mozilla-based products. According to Mozilla's researchers, some crashes showed evidence of memory corruption and could have been exploited to run arbitrary code.

Notable high-level updates include a repair for a flaw that could enable an attacker to use mismatched URLs to execute arbitrary JavaScript within the context of another site, and a fix for a pair of Adobe Flash problems that could, respectively, initiate HTTP requests to arbitrary third-party sites and enable an attacker to perform cross-site request forgery attacks against them, and place cookie-like objects on a user's computer and track them across multiple sites.

See all our coverage of RSA Conference 2009: SearchSecurity.com and Information Security magazine editors are in San Francisco to bring you the biggest RSA Conference 2009 news stories, interviews, podcasts, videos and more.

This release is the latest in a flurry of Firefox updates so far this year. Mozilla released version 3.0.8 March 28 to mitigate critical issues involving arbitrary code execution via the browser's XUL tree element, and an XSL stylesheet problem that could be used to crash the browser in certain circumstances.

Version 3.0.7, released March 5, repaired five flaws that could have allowed cybercriminals to conduct URL spoofing attacks and other errors that could potentially expose sensitive information. Version 3.0.6, released Feb 3, corrected several memory corruption errors and cross-site scripting flaws that could have been exploited by an attacker to gain access to critical files.

Tags: Web Browser Security,  Security Patch Management,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Web Browser Security Exploit code targets Internet Explorer zero-day display flaw InZero Systems launches hardware-based security gateway Web security firm ranks Firefox, Safari browsers as flaw prone Microsoft fixes security update that breaks Internet Explorer Mozilla update repairs Firefox buffer overflow vulnerabilities Kaspersky system analyzes malicious URLs on Twitter for malware Silon malware intercepts Internet Explorer sessions, steals credentials Do Facebook URL security concerns justify blocking social networks? Phishing attacks to remain a major problem, say security experts Adrian Perrig: Improve SSL/TLS Security Through Education and Technology Web Browser Security Research Security Patch Management What patch management metrics does Project Quant use? Squad: Tokenization, Phishing and the Feds Should management processes change based on a patch release schedule? Should Windows Mobile updates come from Microsoft? Adobe updates ColdFusion, JRun, Flex Trusteer CEO criticizes Adobe, touts better patch deployments Patch management study shows IT taking significant risks Vulnerability mitigation study shows need for faster patching Microsoft to issue security report card, new tool at Black Hat How to manage patches for Adobe

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary browser hijacker  (SearchSecurity.com) cache cramming  (SearchSecurity.com) cache poisoning  (SearchSecurity.com) honey monkey  (SearchSecurity.com) JavaScript hijacking  (SearchSecurity.com) NCSA  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary