If this page does not print out automatically, select Print from the File menu.

Mozilla issues 'critical' Firefox fixes

Update addresses a number of security issues

Shaun Nichols in California, vnunet.com 28 Mar 2008

Mozilla has issued a Firefox update addressing a number of security issues in the popular open source browser.

The nine advisories cover vulnerabilities ranging from the ability to spoof pop-up windows to the possibility of remote execution of malicious code.

Among the most serious is a flaw in Firefox's handling of JavaScript code. Specially-crafted JavaScript code could compromise the browser and allow remote execution of code or a cross-site scripting attack.

The vulnerability was rated 'critical', the highest of Mozilla's four threat levels.

The second 'critical' flaw addressed a group of non-specified updates which, if exploited, could lead to a memory corruption error that could then allow an attacker to access the targeted system and remotely execute code.

Mozilla also issued updates for a pair of 'high risk' flaws, including a vulnerability in the Java component which could allow an attacker to access arbitrary connection ports.

Another 'high risk' flaw could allow an attacker to spoof pop-up windows on the target system.

Other fixes are for a vulnerability that could allow for the spoofing of URL referrers, and a set of vulnerabilities which could allow for cross-site scripting.

Permalink: http://www.webactivemagazine.co.uk/2212998

www.webactivemagazine.co.uk/2212998

This article was printed from the Webact!ve web site
© Incisive Media Ltd. 2008
Incisive Media Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, is a company registered in the United Kingdom with company registration number 04038503

Close this window to return to the website