Firefox 3 received three fixes, each addressing flaws rated as 'critical' by Mozilla. Each flaw could be targeted by an attacker to perform remote code execution attacks on the user's system.
The first of the patches only affects MacOS X users. The vulnerability could allow for an attack launched from a malformed GIF file. The specially-crafted image could be used to cause an application crash which would then leave the system vulnerable to remote code execution.
The second flaw addresses an issue related to the handling of uniform resource identifier (URI) code, which allows external applications to access the browser.
Researcher Billy Rios found that adding certain symbols to a URI could allow an attacker to bypass Firefox's security measures and launch further attacks on the browser, such as the Safari 'carpet bomb' attacks reported last month.
The third vulnerability addresses the way Firefox handles cascading style sheet (CSS) code. An attacker could use a specially-crafted CSS object to cause an application crash which would then allow remote code execution.
Firefox 2 also received updates. The older version of the browser was also found to be vulnerable to the CSS and URI attacks, though a patch for the OS X GIF vulnerability was not deemed necessary.
Users can download both of the updates from Mozilla, though both the US Computer Emergency Response Team (US-CERT) and security group Sans recommend that Firefox 2 users consider upgrading to the new version of the browser, as support for Firefox 2 is set to end later this year.
.png&h=140&w=231&c=1&s=0)
_page-0001.jpg&w=100&c=1&s=0)
.png&w=120&c=1&s=0)
Tech in Gov 2025
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
