Mozilla releases security fixes for Firefox

The Firefox web browser has been patched for security flaws, four of which were identified as "critical" by Mozilla.

A total of nine security flaws were fixed in the new release.

The patches include a fix for flaws such as one that allows scripts from page content to run with elevated privileges. With this, an attacker could cause an object such as a browser sidebar to interact with web content so that an attacker's code had elevated privileges.

Another bug fixed involved a condition that resulted when navigating away from a web page during the loading of a Java applet. This could have resulted in freed memory that an attacker could write to before it is reused -- and then run arbitrary code on the victim's computer.

The other critical issues were problems of memory corruption crashes, which could be exploited to run arbitrary code, and null owner document event listeners, which could enable a malicious event handler to execute arbitrary JavaScript code.

The new version of Firefox, 3.0.11, is available for Windows, Mac and Linux users. Mozilla said that it strongly recommends that users upgrade to the latest release.


See original article on scmagazineus.com