Mozilla Firefox seals up multiple flaws

Mozilla has fixed eight vulnerabilities in Firefox that could lead to cross-site scripting attacks and the execution of arbitrary code.

The open-source browser maker asked users running Firefox 2.0 to upgrade to version 2.0.0.1, and those still using Firefox 1.5 to upgrade to version 1.5.0.9. In addition, users of the Thunderbird e-mail client are urged to upgrade to version 1.5.0.9, and those running SeaMonkey, an internet suite, to version 1.0.7.

Mozilla ranked the threat level of five of the flaws "critical," two "high" and one "low." Vulnerability tracking firm Secunia ranked the package of vulnerabilities "highly critical."

Window Snyder, Mozilla's security chief, told SCMagazine.com that discovering holes in Firefox offerings should not be viewed as a negative.

"It's definitely a good thing for us to identify bugs, and when we're fixing more bugs, the product is more secure," she said.

Researchers noted that Mozilla failed to fix a password manager vulnerability in Firefox. The bug, reported Nov. 21 by Chapin Information Services, exposes saved usernames and passwords to attackers through a vulnerability being called a "reverse cross-site request."

"The flaw could affect anyone visiting a weblog or forum website that allows user-contributed HTML codes to be added," according to Chapin.

Snyder said Mozilla is planning to plug the hole in its next version release, scheduled to appear in six to eight weeks.

"We want to make sure we're addressing it the right way," she said. "The way we want to fix it requires more of an investment."

The issue has been fixed in MySpace, where it was first reported, Snyder said.
