Mozilla patches 11 Firefox security flaws, JavaScript errors

By Robert Westervelt, News Editor 12 Jun 2009 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Mozilla Foundation updated its Firefox browser late Thursday, deploying fixes to 11 vulnerabilities, including six critical flaws, mostly JavaScript related, which could be used by an attacker to run arbitrary code and gain access to system files.

Firefox 3.0.11 patches critical memory corruption errors, a race condition and a JavaScript chrome privilege escalation. Most user browsers will be updated automatically to the latest version.

In its list of advisories, Mozilla said the JavaScript chrome privilege escalation allows scripts from page content to run with elevated privileges. Several memory corruption errors were fixed, stabilizing the browser engine.

Recent FireFox updates: FireFox 3.0.10 - Mozilla patches a dozen Firefox vulnerabilities: The flaws expose users to URL spoofing, cross-site scripting, code injection and code execution attacks. FireFox 3.0.9 - Firefox update addresses several security flaws Mozilla's release repairs a critical vulnerability that could have been exploited to run arbitrary code. FireFox 3.0.8 - Firefox update blocks proof-of-concept code: Mozilla updated Firefox to repair several flaws, including a critical zero-day flaw.

"Some of these crashes showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code," Mozilla said.

Mozilla said a race condition existed, allowing an attacker to write to freed memory under a certain condition if a person navigated away from a webpage during the loading of a Java applet. The browser maker also repaired a condition in which event listeners may be executed within the wrong JavaScript context.

"An attacker could potentially use this vulnerability to have a malicious event handler execute arbitrary JavaScript with chrome privileges," Mozilla said. Less critical vulnerabilities included:

• CVE-2009-1834: URL spoofing with invalid unicode characters. An error exists allowing an attacker to display part of an Internationalized Domain Name as whitespace in the location bar, allowing an attacker to spoof a URL. Mozilla rated the flaw low.

• CVE-2009-1835: Arbitrary domain cookie access by a local file. Mozilla said this flaw required a lot of user interaction to be exploited by an attacker. A user would have to download a malicious file and open it in their browser. It could then steal arbitrary cookies from the victim's computer. The flaw was given a moderate rating.

• CVE-2009-1839: Incorrect principal set for file. The vulnerability is difficult to exploit, according to Mozilla. It can be exploited if a user downloaded a malicious document and then opened another document in a directory of interest to the attacker before opening the attacker's file in the same window. This flaw was given a moderate rating.

• CVE-2009-1840: XUL scripts bypass content-policy checks. Mozilla said content-loading policies were not checked before loading external script files into XUL documents. The flaw was given a low rating.
  
  

  Tags: Web Browser Security,  Security Patch Management,  VIEW ALL TAGS

  
  

  Digg This!     StumbleUpon     Del.icio.us

  
  
  
  

  RELATED CONTENT Web Browser Security Microsoft fixes security update that breaks Internet Explorer Mozilla update repairs Firefox buffer overflow vulnerabilities Kaspersky system analyzes malicious URLs on Twitter for malware Silon malware intercepts Internet Explorer sessions, steals credentials Do Facebook URL security concerns justify blocking social networks? Phishing attacks to remain a major problem, say security experts Adrian Perrig: Improve SSL/TLS Security Through Education and Technology New Bahama botnet evades search engines, fuels click fraud SANS: Application threats, website flaws pose biggest security threats Mozilla helps Adobe push out faster patches Web Browser Security Research Security Patch Management Squad: Tokenization, Phishing and the Feds Should management processes change based on a patch release schedule? Should Windows Mobile updates come from Microsoft? Adobe updates ColdFusion, JRun, Flex Trusteer CEO criticizes Adobe, touts better patch deployments Patch management study shows IT taking significant risks Vulnerability mitigation study shows need for faster patching Microsoft to issue security report card, new tool at Black Hat How to manage patches for Adobe When is it suitable to remove Java updates?

  RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary browser hijacker  (SearchSecurity.com) cache cramming  (SearchSecurity.com) cache poisoning  (SearchSecurity.com) honey monkey  (SearchSecurity.com) JavaScript hijacking  (SearchSecurity.com) NCSA  (SearchSecurity.com)

  RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary