The most serious flaw appears to involve a JavaScript privilege escalation problem, according to the SANS Internet Storm Center. This could force the browser to run malicious scripts that could lead to cross-site scripting or arbitrary code execution.
Storm Center handler Raul Siles wrote on the group's blog that users should consider running the open-source NoScript extension, offered by InformAction, to protect against attacks.
The other critical bug that was patched relates to a memory corruption error.
Mozilla also released version 1.1.9 of internet suite SeaMonkey and version 2.0.0.13 of email client Thunderbird.
See original article on scmagazineus.com
.png&h=140&w=231&c=1&s=0){kind=logo}
_(23).jpg&h=140&w=231&c=1&s=0)
_(22).jpg&h=140&w=231&c=1&s=0)
_(26).jpg&w=100&c=1&s=0)
iTnews Executive Retreat - Security Leaders Edition
_(1).jpg&h=140&w=231&c=1&s=0)
