CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
March 28th, 2009

Two Critical Vulnerabilities Fixed By Mozilla In Firefox 3.0.8

The open-source group Mozilla has released Firefox 3.0.8 with fixes for two separate vulnerabilities, including a drive-by download issue. The update also fixes a zero-day flaw that was published earlier this week on a public exploit site. Both issues are rated “critical,” Mozilla’s highest severity rating.

The changes include:

MFSA 2009-13: Security researcher Nils reported via TippingPoint’s Zero Day Initiative that the XUL tree method _moveToEdgeShift was in some cases triggering garbage collection routines on objects that were still in use. In such cases, the browser would crash when attempting to access a previously destroyed object, and this crash could be used by an attacker to run arbitrary code on a victim’s computer. This vulnerability does not affect Firefox 2, Thunderbird 2, or released versions of SeaMonkey.

MFSA 2009-12: Security researcher Guido Landi discovered that an XSL stylesheet could be used to crash the browser during an XSL transformation. An attacker could potentially use this crash to run arbitrary code on a victim’s computer.
