According to vulnerability monitoring firm Secunia, the bug – reported late last month – is caused due to "a reference to a deleted object when designMode (used for rich text editing) is enabled." The flaw can be exploited to corrupt memory and cause a crash by executing arbitrary code.
The payload can cause a Denial of Service (DoS) condition and the compromise of a user's system, according to the Secunia advisory. The vulnerability – reported by Martijn Wargers and Nick Mott –affected Firefox versions 1.5 through 1.5.0.2.
The bug was fixed in version 1.5.0.3, but users can temporarily disable JavaScript as a workaround until they upgrade to the updated version.
Tuesday's patch follows a rough April for Firefox – typically considered a much safer option to market leader Microsoft Internet Explorer. Mozilla fixed 21 vulnerabilities last month, 13 of which the company deemed critical.
In the recently released SANS Top 20 Internet Security Vulnerabilities, rapid growth in critical Firefox flaws is listed as the No. 4 trend. Experts have said that as more people turn to Firefox – now approximately 15 percent of the surfing community – hackers will focus more attention on discovering and exploiting new vulnerabilities.
.png&h=140&w=231&c=1&s=0)
iTnews Executive Retreat - Security Leaders Edition
_(1).jpg&h=140&w=231&c=1&s=0)
