
October 19th, 2007

Mozilla plugs 10 more Firefox holes

Posted by Ryan Naraine @ 7:57 am

Categories: Botnets, Browsers, Data theft, Exploit code, Firefox, Google, Hackers, Microsoft, Mozilla, Passwords, Patch Watch, Responsible disclosure, Spyware and Adware, Viruses and Worms, Vulnerability research

Tags: Mozilla Firefox, Vulnerability, Web Browser, Mozilla Corp., MFSA, Web Browsers, Security, Internet, Ryan Naraine

Mozilla has shipped the eighth refresh of its flagship Firefox 2 browser to fix at least 10 vulnerabilities affecting Windows and Linux users.

The latest Firefox 2.0.0.8 update includes another two patches rated “critical” because of the risk of code execution.

The first high-priority issue (MFSA 2007-35) swats a bug that allows attackers to execute malicious JavaScript code with the rights of the local user.

[It is] possible to use the Script object to modify XPCNativeWrappers in such a way that subsequent access by the browser chrome — such as by right-clicking to open a context menu — can cause attacker-supplied javascript to run with the same privileges as the user. This is similar to MFSA 2007-25 fixed in Firefox 2.0.0.5.

Mozilla also released a fix (MFSA 2007-29) for two vulnerabilities that could cause browser crashes “with evidence of memory corruption.”

The latest update, which now supports Mac OS X Leopard, includes another fix (MFSA 2007-36) for the URI protocol handling issue that has haunted Windows users all year; a fix for a bug (MFSA 2007-34) that makes it possible to steal files through the SFTP protocol; and a fix for a flaw (MFSA 2007-33) that allows XUL pages to hide the window titlebar.

It also fixes a file input focus stealing vulnerability (MFSA 2007-32); a browser digest authentication request splitting flaw (MFSA 2007-31); and an onUnload Tailgating issue (MFSA 2007-30) that can lead to spoofing attacks.

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal.

