Firefox 3.6.13 issued to fix 13 flaws

Eleven "critical" flaws.

Mozilla has issued an updated version of its Firefox web browser to fix 13 vulnerabilities, most of which were labeled "critical."

The update, Firefox 3.6.13 and 3.5.16, fixes 11 critical flaws that could result in a remote attacker installing malicious software on victim machines, according to Mozilla's security advisory. Of the remaining bugs, one was rated “high” in severity, and another “moderate.”

In all, the vulnerabilities could allow an attacker to execute arbitrary code, operate with elevated privileges, or spoof the location bar, according to an advisory posted by US-CERT.

One of the patches fixes a critical arbitrary code execution bug in Firebug, a popular Firefox website debugging and editing add-on. The flaw was originally fixed in late March and, at the time, Mozilla said it did not affect Firefox 3.6.

The same Mozilla researcher who originally reported the flaw, however, discovered that the initial patch could be circumvented, permitting the execution of arbitrary JavaScript, according to Mozilla's security advisory.

The latest patch addresses both Firefox 3.5 and 3.6.

Other vulnerabilities fixed in the update include several memory safety, buffer and integer overflow, location bar SSL spoofing and cross-site scripting bugs.

Some of the flaws also affect Mozilla's SeaMonkey application suite and the Thunderbird email client. These were fixed in Thunderbird 3.1.7 and 3.0.11 and SeaMonkey 2.0.11.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition