The riskiest vulnerability - affecting Mozilla's web browser Firefox, email client Thunderbird and internet suite SeaMonkey - can be exploited by a malicious user modifying a Script object, which could allow for the remote execution of arbitrary JavaScript code, according to a Mozilla advisory issued Tuesday.
The second flaw could allow for the forging of RSA digital signatures, according to Mozilla.
"Forging an RSA signature may allow an attacker to craft a TLS/SSL or email certificate that will not be detected as invalid," the US-CERT alert said. "This may allow that attacker to impersonate a website or email system that relies on certificates for authentication."
The third vulnerability is related to memory corruption and could lead to a system crash.
News of the bugs comes two weeks after Mozilla released its latest browser version, Firefox 2.0.
Like Microsoft's Internet Explorer 7, also released last month, Firefox 2.0's most significant security feature is new anti-phishing technology, Window Snyder, Mozilla's recently hired security chief, has told SCMagazine.com.
A less visible security feature rests in the browser's use of "sandboxing," which prevents untrusted - possibly malicious - code from interacting outside the context of a specific webpage, Snyder said.
Click here to email Dan Kaplan
.png&h=140&w=231&c=1&s=0)
.png&h=140&w=231&c=1&s=0)
.png&w=120&c=1&s=0)
EDUtech AU
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
