Firefox update fixes a dozen flaws

Update spans Firefox 2 and Firefox 3 and will be pushed out to current users to take affect the next time the browser relaunches.

Mozilla released Firefox 2.0.017 and Firefox 3.0.2, updated versions of its browser, on Wednesday to address a dozen security vulnerabilities. Four are ranked by Mozilla as critical, one high, two moderate, and the rest of the patches are considered low priority. About half do not apply to Firefox 3.

The updates are pushed automatically to current users and will take effect the next time the browser is restarted. Current users of Firefox 2 are encouraged to upgrade by manually downloading Firefox 3 as soon as possible.

MFSA 2008-42: Critical

Titled "Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17)"--Mozilla says under certain circumstances memory corruption could be exploited to run arbitrary code. The company credits Drew Yao of Apple Product Security and David Maciejak for reporting the vulnerability.

MFSA 2008-41: Critical

Titled "Privilege escalation via XPCnativeWrapper pollution"--Mozilla says this fix includes "a series of vulnerabilities which can pollute XPCNativeWrappers and allow arbitrary code run with chrome privileges." The company credits Mozilla security researcher moz_bug_r_a4 for reporting the vulnerability.

MFSA 2008-39: Critical

Titled "Privilege escalation using feed preview page and XSS flaw"--Mozilla says this fixes "a series of vulnerabilities in feedWriter which allow scripts from page content to run with chrome privileges." The company credits Mozilla security researcher moz_bug_r_a4 for reporting this vulnerability. Firefox 3 is not affected by this issue.

MFSA 2008-37: Critical

Titled "UTF-8 URL stack buffer overflow"--Mozilla says "a specially crafted UTF-8 URL in a hyperlink...could overflow a stack buffer and allow an attacker to execute arbitrary code." The company credits Mozilla security researcher Justin Schuh and Tom Cross of the IBM X-Force and Peter Williams of IBM Watson Labs for reporting this vulnerability. Firefox 3 is not affected by this issue.

MFSA 2008-38: High

Titled "nsXMLDocument::OnChannelRedirect() same-origin violation"--Mozilla says the same-origin check in nsXMLDocument::OnChannelRedirect() could be bypassed and could be used to execute JavaScript in the context of a different Web site. The company credits Mozilla security researcher moz_bug_r_a4 for reporting this vulnerability. Firefox 3 is not affected by this issue.

MFSA 2008-43: Moderate

Titled "BOM characters stripped from JavaScript before execution"--Mozilla says certain BOM characters are stripped from JavaScript code before it is executed and could lead to code being executed. The company credits Microsoft developer Dave Reed and security researcher Gareth Heyes for reporting the vulnerability.

MFSA 2008-44: Moderate

Titled "resource: traversal vulnerabilities"--Mozilla says the restrictions imposed on local HTML files could be bypassed using the resource: protocol, allowing an attacker to read information about the system and prompt the victim to save the information in a file. The company credits Mozilla developer Boris Zbarsky and Georgi Guninski for reporting this vulnerability.

MFSA 2008-40: Low

Titled "Forced mouse drag"--Mozilla says the vulnerability allows an attacker to move the content window while the mouse is being clicked, causing an item to be dragged rather than clicked-on possibly forcing a user to download a file or perform other drag-and-drop actions. The company credits Mozilla developer Paul Nickerson for reporting this variant of a click-hijacking vulnerability discovered in Internet Explorer by Liu Die Yu.

MFSA 2008-45: Low

Titled "XBM image uninitialized memory reading"--Mozilla says a bug in the XBM decoder allowed random small chunks of uninitialized memory to be read. The company credits Billy Hoffman with reporting this vulnerability. Firefox 3 is not affected by this issue.

Tags:
Security
About the author

    As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.

     

    Join the discussion

    Conversation powered by Livefyre

    Don't Miss
    Hot Products
    Trending on CNET

    HOT ON CNET

    Delete your photos by mistake?

    Whether you've deleted everything on your memory card or there's been a data corruption, here's a way to recover those photos.