Firefox
Nine advisories cover 'critical' and 'high risk' flaws
R E L A T E D   C O N T E N T
Similar articles
KnowledgeBANK
News centre
More from vnunet.com
Jargon Buster

ADVERTISEMENT

Mozilla issues 'critical' Firefox fixes

Update addresses a number of security issues

Shaun Nichols in California, vnunet.com 28 Mar 2008
ADVERTISEMENT

Mozilla has issued a Firefox update addressing a number of security issues in the popular open source browser.

The nine advisories cover vulnerabilities ranging from the ability to spoof pop-up windows to the possibility of remote execution of malicious code.

Among the most serious is a flaw in Firefox's handling of JavaScript code. Specially-crafted JavaScript code could compromise the browser and allow remote execution of code or a cross-site scripting attack.

The vulnerability was rated 'critical', the highest of Mozilla's four threat levels.

The second 'critical' flaw addressed a group of non-specified updates which, if exploited, could lead to a memory corruption error that could then allow an attacker to access the targeted system and remotely execute code.

Mozilla also issued updates for a pair of 'high risk' flaws, including a vulnerability in the Java component which could allow an attacker to access arbitrary connection ports.

Another 'high risk' flaw could allow an attacker to spoof pop-up windows on the target system.

Other fixes are for a vulnerability that could allow for the spoofing of URL referrers, and a set of vulnerabilities which could allow for cross-site scripting.

See also:

Microsoft
Standards-based IE8 shows 'new Microsoft'
Software giant makes break with proprietary past  26 Mar 2008
Mozilla
Mozilla raps Apple over Safari bundling
CEO criticises decision to push browser as an 'update'  25 Mar 2008
Mozilla Thunderbird
Mozilla launches Messaging subsidiary
Thunderbird 3 is go  19 Feb 2008
Firefox
Firefox 3 Beta 3 ready for download
Experts only, warns Mozilla  13 Feb 2008

All Bugs & Fixes
Tags: Firefox, Hacking, Ecommerce, Security

Like this story? Spread the news by clicking below:

Post this to Delicious del.icio.us    Post this to Digg Digg this    Post this to reddit reddit!

Permalink for this story

M A R K E T P L A C E
Sponsored links
F E A T U R E D   J O B S
Testing Manager
Chichester, United Kingdom | West Sussex County Council
  Testing Manager, Chichester, £42,222 - £45,090 (includes a Market Supplement, subject to review) The IT Testing function has until recently been performed within the project structure.  This new role recognises that we need to ... more >
Web Application System Engineer
United Kingdom | Sumisho Computer Systems (Europe) Ltd
Web Application System Engineer Sumisho Computer Systems (Europe) Ltd provide customers with a world of enhanced IT solutions. The role will involve maintenance of Oracle database server and web application server. The candidate must be ... more >
Project Manager
Leeds, United Kingdom | NHS Connecting Health
  Project Manager, Leeds, up to £53k  NHS Connecting for Health is an agency of the Department of Health supporting the NHS to deliver better, safer care to patients, by bringing in new computer systems ... more >
SAP Team Leader
United Kingdom | Sumisho Computer Systems (Europe) Ltd
SAP Team Leader Sumisho Computer Systems (Europe) Ltd provide customers with a world of enhanced IT solutions. The role will consist of management of projects and application implementation. The candidate must be able to communicate ... more >
More job opportunities
Useful links: About us . Privacy policy . Terms & conditions . Site map . Bookmark this site . Accessibility
Consumer Technology websites:
Active Home Product reviews, competitions, news
Computeractive Software reviews, hardware reviews, buyers' guides, workshops, downloads
Gizmodo the daily gadget blog: technology news and reviews
PC Magazine your personal guide to technology
PCW software product reviews, hardware product reviews, buyers' guides, competitions
WebAct!ve what's happening on the web
What PC? helping you purchase the right computer, digital camera, peripherals, gadgets and more
Blogs:
Test Bed The PCW Labs blog, PCW Inter@ctive A reader blog from PCW. Your views, your comments, your say, Windows Watch Keeping an eye on the latest XP % Vista news
Jobs & Recruitment websites:
Accountancy Age Jobs Accountant jobs, jobs in finance, audit jobs, cima jobs, acca jobs, corporate finance jobs, management accounting jobs, finance director jobs, finance recruitment agency directory, Top 50 accountancy firms, accountant salary survey
Computing Careers IT jobs, Programmer jobs, Developer jobs, IT manager jobs, Project manager jobs, SAP jobs, Oracle Jobs, Java Jobs, IT recruitment agency directory, Top IT Employers 2005
Inquirer Jobs Software Engineer Jobs, firmware developer jobs, electronics engineer jobs
Other titles in the Incisive Media network:
Business Technology websites: BusinessGreen . Computing . Computing Business . CRN . The Inquirer . IT Week . vnunet.com
Business & Finance websites: Accountancy Age . Best Practice . Financial Director . Management Consultancy
© Incisive Media Ltd. 2008
Incisive Media Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, is a company registered in the United Kingdom with company registration number 04038503