Mozilla addresses memory corruption issues in Firefox 2 fix

Mozilla issued its 13th update to alternative browser Firefox 2, fixing six issues, two of which the company called critical.

"Some vulnerabilities and weaknesses have been reported in Mozilla Firefox, which can be exploited by malicious people to bypass certain security restrictions, disclose potentially sensitive information, conduct cross-site scripting and phishing attacks, and potentially compromise a user's system," security firm Secunia said of the fixes.

According to advisories, some of the problems also affect Thunderbird and SeaMonkey. Of the critical issues, "several" issues were fixed that appeared to be memory corruption issues. Mozilla presumes that arbitrary code could be executed with enough effort.

That issue, as well as the other critical update which deals with privilege escalation and code execution risk in Mozilla products, can be exploited through JavaScript. Scripts could be run with elevated privileges and the browser could be used to run cross-site scripting and code execution, it said.

Two high priority fixes were also issued, which dealt with an XUL popup spoof, an a Java issue that could allow for the opening of arbitrary ports on a user's system. Those issues only affected Firefox and SeaMonkey,

Other than that, a moderately rated fix was issued for an HTTP referrer spoofing risk, and a low-priority fix for a privacy issue with SSL client authentication.

Source: BetaNews

Link: Lunarsoft Frontpage