Mozilla ranked the threat level of five of the flaws "critical," two "high" and one "low." Vulnerability tracking firm Secunia ranked the package of vulnerabilities "highly critical."
Window Snyder, Mozilla's security chief, told SCMagazine.com that discovering holes in Firefox offerings should not be viewed as a negative.
"It's definitely a good thing for us to identify bugs, and when we're fixing more bugs, the product is more secure," she said.
Researchers noted that Mozilla failed to fix a password manager vulnerability in Firefox. The bug, reported Nov. 21 by Chapin Information Services, exposes saved usernames and passwords to attackers through a vulnerability being called a "reverse cross-site request."
"The flaw could affect anyone visiting a weblog or forum website that allows user-contributed HTML codes to be added," according to Chapin.
Snyder said Mozilla is planning to plug the hole in its next version release, scheduled to appear in six to eight weeks.
"We want to make sure we're addressing it the right way," she said. "The way we want to fix it requires more of an investment."
The issue has been fixed in MySpace, where it was first reported, Snyder said.
.png&w=120&c=1&s=0)
EDUtech AU
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
