Critical Firefox security flaws addressed by Mozilla

Mozilla has attended to eight flaws in Firefox, fixing three critical and two high-impact vulnerabilities

Mozilla has released an updated version of its Firefox browser, fixing critical security flaws that could be exploited by attackers to gain access to sensitive information, cause a denial of service or execute arbitrary code.

The flaws have been addressed in Firefox version, which will automatically update for most users. Mozilla's last Firefox update was in May, when it patched several critical vulnerabilities.

Mozilla's MFSA 2007-18 advisory addresses a critical memory corruption which could result in 32 separate crash conditions. The issues could be exploited by an attacker to execute arbitrary code. Mozilla Thunderbird, which also uses Firefox has also been updated to correct the issues.

Firefox update:
May - Mozilla fixes Firefox flaws: Firefox versions and fix flaws attackers could exploit to do a variety of damage. Mozilla says this is the final update for Firefox 1.5.

Who patches better: Microsoft or Mozilla? In this interview, Window Snyder, Mozilla's security chief, discusses the vendors patching strategy and compares it to Microsoft's update plan.

"Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript, such as large images," Mozilla said in its advisory.

The MFSA 2007-19 advisory addresses a timing issue when using 'addEventLstener' or 'setTimeout.' Mozilla said the timing issue could result in cross-site-scripting and cross-domain attacks. MFSA 2007-20 addresses a low-impact frame spoofing issue, which could allow the injection of content into about:blank frames in a page.

Mozilla's MFSA 2007-21 advisory addresses an event handling error that could lead to arbitrary code execution. Mozilla said the flaw could be used by a remote attacker to gain access to the browser.

MFSA 2007-22 through MFSA 2007-24 address a critical issue which could allow remote code execution by launching Firefox from Internet Explorer, a less critical file extension error and a high-impact wyciwyg:// documents error.

"The vulnerability is exposed when a user browses to a malicious web page in Internet Explorer and clicks on a specially crafted link," Mozilla said in its advisory. "That link causes Internet Explorer to invoke another Windows program via the command line and then pass that program the URL from the malicious webpage without escaping the quotes."

The MFSA 2007-25 advisory addresses a flaw in the XPC native wrapper that could be modified by an attacker to gain browser access.

The updates prompted Symantec to issue a vulnerability alert to its customers advising them to upgrade to the latest version. Symantec said an attacker could steal cookie-based authentication credentials, launch denial-of-service attacks and ultimately compromise the browser.

"To exploit most of the described vulnerabilities, an attacker must either host a malicious website or send malicious HTML email to unsuspecting users," Symantec said in its advisory.

Read more on Operating systems software