Establishing Digital Trust: Don't Sacrifice Security for Convenience
Mozilla has updated its flagship FireFox browser to version 22.214.171.124 and, in the process, fixed no less than 12 flaws.
Five of the vulnerabilities are classified by Mozilla as "critical" and two are rated as "high."
Among the "critical" vulnerabilities is "Mozilla Foundation Security Advisory 2006-32," which fixes a potential memory corruption vulnerability.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i"Mozilla team members discovered several crashes during testing of the browser engine showing evidence of memory corruption that we presume is exploitable, "the Mozilla advisory said.
A critical privilege escalation exploit also got plugged in Firefox 126.96.36.199 that could have been exploited via persisted XUL attributes that are associated with an incorrect URL.
XUL (define)is an acronym for an XML-based User Interface Language (pronounced "zuul") and is Mozilla's language for creating its user interface.
Mozilla Foundation Security Advisory 2006-37 is titled,"Remote compromise via content-defined setter on object prototypes." It is also labeled as "critical."
Mozilla's advisory on the potential XUL vulnerability as well as the object prototypes and a few other items were among 12 publicly reported vulnerabilities. But more details were hard to come by as of presstime.
"Exploit details withheld until sufficient users upgrade to a fixed version." Mozilla's advisories said.
However, at least one of the vulnerabilities that Mozilla rated as "high" included more detail. Mozilla Foundation Security Advisory 2006-33, titled "HTTP response smuggling" explains how Firefox could be fooled by a malicious proxy server's response to a page request.