Modernizing Authentication — What It Takes to Transform Secure Access
Mozilla is updating its mainline Firefox 3 browser with a security and stability update that provides at least nine security fixes, four of them "critical."
In addition to the latest version, 3.0.4, Firefox is pushing out 11 fixes for the older Firefox 2 browser, six of which are critical. If that wasn't enough, Mozilla is pushing forward at the same time on the development of its next browser platform Firefox 3.1 with Beta 2 testing today.
Another critical flaw fixed in the update is one for a buffer overflow in the http-index-format parser. Mozilla credits Justin Schuh of the IBM X-Force security group for reporting the flaw. According to the advisory, by "sending a specially crafted header line in the HTTP index response, an attacker can cause the browser to crash and run arbitrary code on the victim's computer."
Mozilla also provides a fix for a flaw that could have enabled an attacker to steal user information from local shortcut files. Mozilla labeled the flaw "moderate" due to the complexity of its execution, which requires two components.
The way the attack would work is that .url shortcut files could potentially be used to read local cache information if the user downloaded both an HTML file and a .url shortcut.
Firefox 2.x users get mostly the same fixes as the 3.x branch with a few notable exceptions. One of them is a critical fix involving the Adobe Flash Player and a potential arbitrary code execution issue. According to Mozilla's advisory on the issue, the flaw occurs because there are insufficient checks to determine if the Flash Player module is being properly unloaded. A flash file that gets unloaded improperly could trigger a crash, which could open the door for arbitrary code to run.
There's more to the fixes, such as a Firefox 2.x specific fix for an image stealing via canvas and HTTP redirect issue. According to Mozilla's advisory A simple HTTP redirect could have been used to potentially steal private information from a victim who is logged into a Web site that stores data in images.