CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
March 28th, 2009

Two Critical Vulnerabilities Fixed By Mozilla In Firefox 3.0.8

The open-source group Mozilla released Firefox 3.0.8 with fixes for two separate vulnerabilities, including a drive-by download issue. The update also fixes a zero-day flaw released earlier this week on a public exploit site. Both issues are rated “critical,” Mozilla’s highest severity rating.

The changes include:

MFSA 2009-13: Security researcher Nils reported via TippingPoint’s Zero Day Initiative that the XUL tree method _moveToEdgeShift was in some cases triggering garbage collection routines on objects which were still in use. In such cases, the browser would crash when attempting to access a previously destroyed object and this crash could be used by an attacker to run arbitrary code on a victim’s computer. This vulnerability does not affect Firefox 2, Thunderbird 2, or released versions of SeaMonkey.

MFSA 2009-12: Security researcher Guido Landi discovered that a XSL stylesheet could be used to crash the browser during a XSL transformation. An attacker could potentially use this crash to run arbitrary code on a victim’s computer.

Email, Bookmark or Share:
  • E-mail this story to a friend!
  • Digg
  • del.icio.us
  • StumbleUpon
  • Reddit
  • Technorati
  • Slashdot
  • Propeller
  • Google
  • Live
  • YahooMyWeb
  • TwitThis
  • Facebook
  • LinkedIn

More on CyberInsecure:
  • Firefox 2.0.0.13 Is Out
  • Firefox Update Patch 9 Security Vulnberabilities, 4 Rated Critical
  • Mozilla Fixes 12 Security Vulnerabilities In Firefox 2.0.0.15
  • Five Vulnerabilities Patched In Firefox 3.0.2 and 2.0.0.17, Two Of Them Are Critical
  • Critical Memory Flaws Fixed By Mozilla In Firefox 3.0.7

    • Posted in Software, Vulnerabilities | Print This Post Print This Post

    This entry was posted on Saturday, March 28th, 2009 at 2:02 am and is filed under Software, Vulnerabilities. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Two Critical Vulnerabilities Fixed By Mozilla In Firefox 3.0.8

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    *
    To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
    Click to hear an audio file of the anti-spam word

    « « Easter Related Search Engine Results Poisoned, Redirect Users To Malicious Applications
    Cheap Laser Device Allows Keystrokes Sniffing From Any PS/2 Keyboard » »