Jump to content

Mozilla addresses memory corruption issues in Firefox 2 fix

Recommended Posts

  • Administrator

Mozilla issued its 13th update to alternative browser Firefox 2, fixing six issues, two of which the company called critical.

"Some vulnerabilities and weaknesses have been reported in Mozilla Firefox, which can be exploited by malicious people to bypass certain security restrictions, disclose potentially sensitive information, conduct cross-site scripting and phishing attacks, and potentially compromise a user's system," security firm Secunia said of the fixes.

According to advisories, some of the problems also affect Thunderbird and SeaMonkey. Of the critical issues, "several" issues were fixed that appeared to be memory corruption issues. Mozilla presumes that arbitrary code could be executed with enough effort.

That issue, as well as the other critical update which deals with privilege escalation and code execution risk in Mozilla products, can be exploited through JavaScript. Scripts could be run with elevated privileges and the browser could be used to run cross-site scripting and code execution, it said.

Two high priority fixes were also issued, which dealt with an XUL popup spoof, an a Java issue that could allow for the opening of arbitrary ports on a user's system. Those issues only affected Firefox and SeaMonkey,

Other than that, a moderately rated fix was issued for an HTTP referrer spoofing risk, and a low-priority fix for a privacy issue with SSL client authentication.

Source: BetaNews

Link: Lunarsoft Frontpage

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...