News Stay informed about the latest enterprise technology news and product updates.

Mozilla fixes cross-site-scripting flaws

The latest update also phases out support of Firefox 2.

Mozilla issued an update fixing several dangerous cross-site-scripting (XSS) flaws that could allow an attacker to run malicious code and gain access to critical system files.
To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

The flaws can be found in versions 2 and 3 of the Firefox browser. Firefox 3.0.5 fixes an XSS flaw in SessionStore, a session restore feature, which contains an error that could be manipulated to inject malicious code into the browser.

A serious JavaScript privilege escalation flaw was also repaired including a JavaScript syntax error that could be used by a malicious website to steal private data from users who are authenticated on the redirected website, Mozilla said in its advisory.

Danish vulnerability clearinghouse Secunia gave the flaws a highly critical rating. In its advisory, Secunia said some of the errors addressed by Mozilla allow an attacker to bypass cookie settings and identify specific users in browsing sessions.

In addition, Mozilla announced that it is dropping support of FireFox 2. The latest security update will be the last for the older version of the browser. Phishing protection, which communicates with Google to identify possible phishing sites is also being dropped in Firefox 2. Mozilla is urging users to upgrade to the latest version.

Dig Deeper on Application attacks (buffer overflows, cross-site scripting)

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.