We have made updates to our Privacy Policy to reflect the implementation of the General Data Protection Regulation.

Firefox Update Tackles Pair of Critical Bugs

Download our in-depth report: The Ultimate Guide to IT Security Vendors

While Mozilla is busily developing its next-generation Firefox 3 open source Web browser, work continues to improve stability and security with the current Firefox 2.x.

A case in point is the new Firefox release, which is accompanied by no less than six Mozilla Foundation Security Advisories -- two of them critical.

The critical bugs fixed in include a JavaScript privilege escalation and arbitrary code execution issue. According to Mozilla's advisory, the problem relates to a series of flaws that could have allowed page scripts to run with elevated privileges.

By running with elevated privileges, the script could potentially have been used by an attacker to exploit a vulnerable system.

The potential exploit isn't new for Mozilla, which said in its advisory that the bug is a variant on a pair of issues previously fixed in 2007 with the Firefox and the releases.

The second critical bug fix by Mozilla in the latest release relates to memory corruption.

"Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products," Mozilla said in its advisory. "Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code."

The new release also addresses a unique spoofing vulnerability that could potentially be used by an attacker in a phishing exploit.

This article was first published on InternetNews.com. To read the full article, click here.

Submit a Comment

Loading Comments...