September 9th, 2009

Mozilla patches 'drive-by download' security flaws

Posted by Ryan Naraine @ 5:48 pm

Mozilla has released a new version of its flagship Firefox browser to fix 10 vulnerabilities that put Web surfers at risk of code execution attacks.

The Firefox 3.5.3 update — available for Windows, Mac and Linux users — patches security holes that could allow drive-by download attacks if a user simply surfs to a booby-trapped Web site.

The open-source group released four bulletins — three rated critical — to explain the issues:

  • MFSA 2009-51 — The BrowserFeedWriter could be leveraged to run JavaScript code from web content with elevated privileges. Using this vulnerability, an attacker could construct an object containing malicious JavaScript and cause the FeedWriter to process the object, running the malicious code with chrome privileges.
  • MFSA 2009-49 — The columns of a XUL tree element could be manipulated in a particular way which would leave a pointer owned by the column pointing to freed memory. An attacker could potentially use this vulnerability to crash a victim’s browser and run arbitrary code on the victim’s computer.
  • MFSA 2009-47 — Crashes with evidence of memory corruption. Mozilla developers and community members identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.
  • MFSA 2009-50 — The default Windows font used to render the locationbar and other text fields was improperly displaying certain Unicode characters with tall line-height. In such cases the tall line-height would cause the rest of the text in the input field to be scrolled vertically out of view. An attacker could use this vulnerability to prevent a user from seeing the URL of a malicious site.

The Firefox update is being pushed out via the browser’s automatic update mechanism. It can also be downloaded directly from Mozilla’s Web site.

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.



  • Talkback
  • Most Recent of 10 Talkback(s)
"Openly" because MS says so? Because you say so?
Microsoft is committed to reporting vulnerabilities openly

So where's IE's publicly browsable source code repository?

Posted by: Zogg Posted on: 09/12/09 (Edited: 09/12/09 @ 03:56)
Whoa! This batch patches 10 critical vulns!  honeymonster | 09/10/09
At the end of the day...  Mike (not Cox) | 09/10/09
You are assuming that IE vulnerabilities are reported and fixed as openly.  Zogg | 09/10/09
FF'ers like to pretend it's not but sadly it really is.  Johnny Vegas | 09/10/09
Yeah ...  Ronny102 | 09/10/09
All quite publicly discussed here over the last couple years.  Johnny Vegas | 09/10/09
Which would you rather use:  ye | 09/10/09
"Eyes open" vs "Head in the sand"  Zogg | 09/12/09
Yes, they are.  honeymonster | 09/10/09
"Openly" because MS says so? Because you say so?  Zogg | 09/12/09
