Posts Tagged Security

Changes in Firefox 3.6.13

In the current Firefox version 3.6.13 there are several changes that improve both the stability and the security of the browser. In total there were 11 security-related updates.

  • Incomplete fix for CVE-2010-0179
  • Integer overflow vulnerability in NewIdArray
  • Use-after-free error with nsDOMAttribute MutationObserver
  • Java security bypass from LiveConnect loaded via data: URL meta refresh
  • Add support for OTS font sanitizer
  • Crash and remote code execution using HTML tags inside a XUL tree
  • Chrome privilege escalation with window.open and ISINDEX element
  • Buffer overflow while line breaking after document.write with long string
  • Miscellaneous memory safety hazards
  • Location bar SSL spoofing using network error page
  • XSS hazard in multiple character encodings


Firefox 3.6.12 fixes a critical security issue

After the release of Firefox 3.6.11, Mozilla has presented the next version of the successful web browser. The reasons that led to the new update are, of course, less pleasant. Morten Kråkvik found a vulnerability in Firefox with which he could provoke a heap buffer overflow. This makes it theoretically possible for an attacker to execute malicious code on the computer.

The vulnerability can be triggered through the JavaScript function document.write together with the DOM. This problem affects Firefox versions 3.6 and 5.3; Thunderbird and SeaMonkey are also affected. It is gratifying, however, that Mozilla reacted quickly and has now fixed the vulnerability. With the new version, Firefox 3.6.12, surfing the internet is safe again.


Mozilla closes a lot of security issues in Firefox 3.6.7

Mozilla has released another version of Firefox. Release 3.6.7 resolves a lot of security issues: about 8 critical and 2 high-priority problems.

A list of the fixed bugs:

  • Remote code execution using malformed PNG image
  • nsTreeSelection dangling pointer remote code execution vulnerability
  • nsCSSValue::Array index integer overflow
  • Arbitrary code execution using SJOW and fast native function
  • Plugin parameter EnsureCachedAttrParamArrays remote code execution vulnerability
  • Use-after-free error in NodeIterator
  • DOM attribute cloning remote code execution vulnerability
  • Miscellaneous memory safety hazards

Most of the bugs involve buffer overflows and remote code execution. Please update to Firefox 3.6.7 as soon as possible.
