Mozilla shutters seven Firefox flaws
Published: 2009-02-04

Mozilla released its latest update to its Firefox browser on Tuesday, closing seven security holes, including two critical issues, according to the company's release notes.

The critical flaws are in the program's layout and JavaScript engines and can be used to crash the program and possibly run malicious code, the company said in an advisory. The flaws also affect Mozilla's SeaMonkey all-in-one Internet suite and the Thunderbird e-mail client if JavaScript is enabled, which is not the default setting.

"Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code," the company stated.

The other flaws include a cross-site scripting issue that could allow JavaScript to evade the same-origin policy and a problem in the way tabs are restored that could allow attackers to steal a local file if they knew the name of the file.

Firefox users can download and apply the update by choosing the "Check for Updates..." command in the file menu.

If you have tips or insights on this topic, please contact SecurityFocus.



Posted by: Robert Lemos
Copyright 2009, SecurityFocus