Mozilla Patches Some Firefox Holes
Mozilla makes it tougher to execute cross site scripting attacks but has it left a critical password bug open?
The Mozilla Foundation Security Advisory 2007-02, broadly titled "Improvements to help protect against Cross-Site Scripting attacks," provides a fix for the password vulnerability flaw. The advisory is listed as having low impact, though the original bugzilla entry page for the password flaw listed the flaw as critical.
According to Mozilla's advisory, Firefox 18.104.22.168 and 22.214.171.124 both contained several small changes that are intended to make it easier for sites to protect visitors against Cross-Site Scripting (XSS) attacks.
The one critical bug identified by Mozilla in the latest release is a crash condition that could lead to a memory corruption, according to Mozilla's advisory.