Two Critical Vulnerabilities Fixed By Mozilla In Firefox 3.0.8
The open-source group Mozilla released Firefox 3.0.8 with fixes for two separate vulnerabilities, including a drive-by download issue. The update also fixes a zero-day flaw released earlier this week on a public exploit site. Both issues are rated “critical,” Mozilla’s highest severity rating.
The changes include:
MFSA 2009-13: Security researcher Nils reported via TippingPoint’s Zero Day Initiative that the XUL tree method _moveToEdgeShift was in some cases triggering garbage collection routines on objects which were still in use. In such cases, the browser would crash when attempting to access a previously destroyed object and this crash could be used by an attacker to run arbitrary code on a victim’s computer. This vulnerability does not affect Firefox 2, Thunderbird 2, or released versions of SeaMonkey.
MFSA 2009-12: Security researcher Guido Landi discovered that a XSL stylesheet could be used to crash the browser during a XSL transformation. An attacker could potentially use this crash to run arbitrary code on a victim’s computer.
More on CyberInsecure:
Leave a Reply
Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.