Modernizing Authentication — What It Takes to Transform Secure Access
The Mozilla Foundation Security Advisory 2007-02, broadly titled "Improvements to help protect against Cross-Site Scripting attacks," provides a fix for the password vulnerability flaw. The advisory is listed as having low impact, though the original bugzilla entry page for the password flaw listed the flaw as critical.
According to Mozilla's advisory, Firefox 220.127.116.11 and 18.104.22.168 both contained several small changes that are intended to make it easier for sites to protect visitors against Cross-Site Scripting (XSS) attacks.
The one critical bug identified by Mozilla in the latest release is a crash condition that could lead to a memory corruption, according to Mozilla's advisory.https://o1.qnsr.com/log/p.gif?;n=203;c=204634421;s=15939;x=7936;f=201702151714490;u=j;z=TIMESTAMP;a=20304455;e=i "Some of these were crashes that showed evidence of memory corruption and we presume that with enough effort at least some of these could be exploited to run arbitrary code," the advisory said.