Download our in-depth report: The Ultimate Guide to IT Security VendorsMozilla updated its flagship Firefox browser to version 18.104.22.168 and the legacy version to release 1.5.10. The updated browser fixes at least seven flaws, including a password vulnerability bug rated critical last November.
The Mozilla Foundation Security Advisory 2007-02, broadly titled "Improvements to help protect against Cross-Site Scripting attacks," provides a fix for the password vulnerability flaw. The advisory is listed as having low impact, though the original bugzilla entry page for the password flaw listed the flaw as critical.
According to Mozilla's advisory, Firefox 22.214.171.124 and 126.96.36.199 both contained several small changes that are intended to make it easier for sites to protect visitors against Cross-Site Scripting (XSS) attacks.
The one critical bug identified by Mozilla in the latest release is a crash condition that could lead to a memory corruption, according to Mozilla's advisory.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i "Some of these were crashes that showed evidence of memory corruption and we presume that with enough effort at least some of these could be exploited to run arbitrary code," the advisory said.