Mozilla has released an updated version of its
Firefox browser, fixing
critical security flaws that could be exploited by attackers to
gain access to sensitive information, cause a denial of service or
execute arbitrary code.
The flaws have been addressed in Firefox version 2.0.0.5, which
will automatically update for most users. Mozilla's last
Firefox update was in May, when it patched
several critical vulnerabilities.
Mozilla's
MFSA 2007-18 advisory addresses a critical
memory corruption which could result in 32 separate crash
conditions. The issues could be exploited by an attacker to
execute arbitrary code. Mozilla Thunderbird, which also uses
Firefox, has also been updated to correct the issues.
"Without further investigation we cannot rule out the
possibility that for some of these an attacker might be able to
prepare memory for exploitation through some means other than
JavaScript, such as large images," Mozilla said in its
advisory.
The
MFSA 2007-19 advisory addresses a timing
issue when using 'addEventListener' or 'setTimeout.' Mozilla said
the timing issue could result in cross-site-scripting and
cross-domain attacks.
MFSA 2007-20 addresses a low-impact frame
spoofing issue, which could allow the injection of content into
about:blank frames in a page.
Mozilla's
MFSA 2007-21 advisory addresses an event
handling error that could lead to arbitrary code execution.
Mozilla said the flaw could be used by a remote attacker to gain
access to the browser.
MFSA 2007-22 through MFSA 2007-24 address a
critical issue which could allow remote code execution by
launching Firefox from Internet Explorer, a less critical file
extension error and a high-impact wyciwyg:// documents
error.
"The vulnerability is exposed when a user browses to a malicious
web page in Internet Explorer and clicks on a specially crafted
link," Mozilla said in its advisory. "That link causes Internet
Explorer to invoke another Windows program via the command line and
then pass that program the URL from the malicious webpage without
escaping the quotes."
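The quoting problem Mozilla describes can be reproduced with a small model of a URL handler's command line. This is an added example, not code from Mozilla or from the advisory; the handler template, the program path, the `viewer://` scheme and the `--injected-option` argument are hypothetical, and the argument splitter is a simplified stand-in for Windows command-line parsing.

```python
from urllib.parse import quote

# Hypothetical handler registration (assumption): the launching program
# replaces %1 with the URL and runs the result as a command line.
HANDLER_TEMPLATE = r'"C:\Apps\viewer.exe" -url "%1"'

# Constructed sample URL containing a raw double quote.
CRAFTED_URL = 'viewer://open/page" --injected-option "x'


def build_command_unsafe(url):
    """Substitute the URL verbatim, without escaping the quotes."""
    return HANDLER_TEMPLATE.replace("%1", url)


def build_command_escaped(url):
    """Percent-encode quotes and spaces before substitution."""
    return HANDLER_TEMPLATE.replace("%1", quote(url, safe=":/?&=#%+"))


def split_args(cmdline):
    """Simplified Windows-style splitting: a double quote toggles quoted
    mode and whitespace outside quotes ends an argument (the backslash
    rules of the real parser are omitted)."""
    args, current, in_quotes, started = [], [], False, False
    for ch in cmdline:
        if ch == '"':
            in_quotes, started = not in_quotes, True
        elif ch.isspace() and not in_quotes:
            if started:
                args.append("".join(current))
            current, started = [], False
        else:
            current.append(ch)
            started = True
    if started:
        args.append("".join(current))
    return args


def extra_args(command):
    """Arguments beyond the three the template is meant to produce."""
    return split_args(command)[3:]


if __name__ == "__main__":
    print(extra_args(build_command_unsafe(CRAFTED_URL)))   # injected arguments
    print(extra_args(build_command_escaped(CRAFTED_URL)))  # none
```

With the quote left unescaped, the URL ends its own argument early and the rest of the string is parsed as separate arguments to the launched program; once the quote is percent-encoded, the whole URL stays inside a single argument.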
The
MFSA 2007-25 advisory addresses a flaw in
the XPC native wrapper that could be modified by an attacker to
gain browser access.
The updates prompted Symantec to issue a vulnerability alert to
its customers advising them to upgrade to the latest version.
Symantec said an attacker could steal cookie-based authentication
credentials, launch denial-of-service attacks and ultimately
compromise the browser.
"To exploit most of the described vulnerabilities, an attacker
must either host a malicious website or send malicious HTML email
to unsuspecting users," Symantec said in its advisory.