Newsletter:

Skip Navigation LinksHome > News > Security > Mozilla issues 'critical' Firefox fixes

Site Map |

Mozilla issues 'critical' Firefox fixes

By Shaun Nichols
29 March 2008 11:01AM
Tags: mozilla | issues | critical | firefox | fixes

Mozilla has issued a Firefox update addressing a number of security issues in the popular open source browser..

The nine advisories cover vulnerabilities ranging from the ability to spoof pop-up windows to the possibility of remote execution of malicious code.

Among the most serious is a flaw in Firefox's handling of JavaScript code. Specially-crafted JavaScript code could compromise the browser and allow remote execution of code or a cross-site scripting attack.

The vulnerability was rated 'critical', the highest of Mozilla's four threat levels.

The second 'critical' flaw addressed a group of non-specified updates which, if exploited, could lead to a memory corruption error that could then allow an attacker to access the targeted system and remotely execute code.

Mozilla also issued updates for a pair of 'high risk' flaws, including a vulnerability in the Java component which could allow an attacker to access arbitrary connection ports.

Another 'high risk' flaw could allow an attacker to spoof pop-up windows on the target system.

Other fixes are for a vulnerability that could allow for the spoofing of URL referrers, and a set of vulnerabilities which could allow for cross-site scripting.

Copyright © 2008 vnunet.com

   


Ads by Google


Thoughts on this article? Add a comment below.
Be the first to comment on this article.

Report this comment as offensive:

   * Indicates information we require to process your submission.

Name: *
Email: *
Reason for offense: *
Your report will not be displayed.  
Name:
*
 
Email:
(will not be displayed)
*
 
Comment:
(HTML not permitted)
*
 
Validation
*

Enter the code you see below:

 

 
 
 
 
 


 
Tripwire - Click here to win an iTouch



Tags

apple beta browser critical downloads firefox fixes flaw flaws four issues microsoft million mozilla patch patches plans safari security update


Product Reviews

Cyber-Ark Software Enterprise Password Vault
Star Rating
The Cyber-Ark Enterprise Password Vault, or EPV, is a high-end password management powerhouse.
Hitachi ID Systems ID-Archive
Star Rating
The Hitachi ID-Archive sets its focus on password randomisation.
Lieberman Software Enterprise Random PM
Star Rating
The Lieberman Software Enterprise Random Pass­word Manager is a full-on password manager and randomiser for...
Proginet Corporation SecurForce
Star Rating
Proginet SecurForce is a little bit of a horse of a different color for this month's Group Test.
Siber Systems RoboForm Enterprise
Star Rating
On the surface, RoboForm Enterprise starts out looking like a single sign-on product, but that is just on the...
Unified Communications Podcast Centre

TopTopics
(7041) -  microsoft
(6494) -  iinet
(6485) -  copyright
(6485) -  afact
(6426) -  internet
(5935) -  servers
(5935) -  mipi
(4308) -  telstra
(4106) -  phone
(3761) -  broadband
(3672) -  nvidia
(3616) -  nbn
(2439) -  avg
(1972) -  onecare
(1921) -  google