Firefox Fixes By The Dozen


Mozilla has updated its flagship Firefox browser to version and, in the process, fixed no fewer than 12 flaws.

Five of the vulnerabilities are classified by Mozilla as "critical" and two are rated as "high."

Among the "critical" vulnerabilities is "Mozilla Foundation Security Advisory 2006-32," which fixes a potential memory corruption vulnerability.

"Mozilla team members discovered several crashes during testing of the browser engine showing evidence of memory corruption that we presume is exploitable," the Mozilla advisory said.

Firefox also plugged a critical privilege escalation vulnerability that could have been exploited via persisted XUL attributes that are associated with an incorrect URL.

XUL is an acronym for XML-based User Interface Language (pronounced "zuul") and is Mozilla's language for creating its user interface.

Mozilla Foundation Security Advisory 2006-37 is titled "Remote compromise via content-defined setter on object prototypes." It is also labeled as "critical."

Mozilla's advisories on the potential XUL vulnerability, the object prototypes issue and a few other items were among the 12 publicly reported vulnerabilities. But more details were hard to come by as of press time.

The reason?

"Exploit details withheld until sufficient users upgrade to a fixed version," Mozilla's advisories said.

However, at least one of the vulnerabilities that Mozilla rated as "high" included more detail. Mozilla Foundation Security Advisory 2006-33, titled "HTTP response smuggling," explains how Firefox could be fooled by a malicious proxy server's response to a page request.

This article was first published on InternetNews.com.
