Web & AppsPosted by in Firefox on January 3rd, 2011
In the current Firefox version 3.6.13 there are several changes that improve both the stability and the security of the browser. In total there were 11 security-related updates.
- Incomplete fix for CVE-2010-0179
- Integer overflow vulnerability in NewIdArray
- Use-after-free error with nsDOMAttribute MutationObserver
- Java security bypass from LiveConnect loaded via data: URL meta refresh
- Add support for OTS font sanitizer
- Crash and remote code execution using HTML tags inside a XUL tree
- Chrome privilege escalation with window.open and ISINDEX element
- Buffer overflow while line breaking after document.write with long string
- Miscellaneous memory safety hazards
- Location bar SSL spoofing using network error page
- XSS hazard in multiple character encodings
