On Wednesday, Mozilla released Firefox 2.0.017 and Firefox 3.0.2, updated versions of its browser, to address numerous security vulnerabilities.
Four are ranked by Mozilla as critical, one high, two moderate and the rest of the patches are considered low-priority. About half do not apply to Firefox 3.
The updates are pushed out automatically to current users and will take effect the next time the browser is restarted. Current users of Firefox 2 are encouraged to upgrade by manually downloading Firefox 3 as soon as possible.
MFSA 2008-42: Critical
Titled "Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17)".
Mozilla said, under certain circumstances, memory corruption could be exploited to run arbitrary code.
The company credited Drew Yao of Apple Product Security and David Maciejak for reporting the vulnerability.
MFSA 2008-41: Critical
Titled "Privilege escalation via XPCnativeWrapper pollution".
Mozilla said this fix includes "a series of vulnerabilities which can pollute XPCNativeWrappers and allow arbitrary code run with chrome privileges".
The company credited Mozilla security researcher moz_bug_r_a4 for reporting the vulnerability.
MFSA 2008-39: Critical
Titled "Privilege escalation using feed preview page and XSS flaw".
Mozilla said this fixes "a series of vulnerabilities in feedWriter which allow scripts from page content to run with chrome privileges".
The company credited Mozilla security researcher moz_bug_r_a4 for reporting this vulnerability. Firefox 3 is not affected by this issue.
MFSA 2008-37: Critical
Titled "UTF-8 URL stack buffer overflow".
Mozilla said "a specially crafted UTF-8 URL in a hyperlink...could overflow a stack buffer and allow an attacker to execute arbitrary code".
The company credited Mozilla security researcher Justin Schuh and Tom Cross of the IBM X-Force and Peter Williams of IBM Watson Labs for reporting this vulnerability. Firefox 3 is not affected by this issue.
MFSA 2008-38: High
Titled "nsXMLDocument::OnChannelRedirect() same-origin violation".
Mozilla said the same-origin check in nsXMLDocument::OnChannelRedirect() could be bypassed and could be used to execute JavaScript in the context of a different Web site.
The company credited Mozilla security researcher moz_bug_r_a4 for reporting this vulnerability. Firefox 3 is not affected by this issue.
MFSA 2008-43: Moderate
Titled "BOM characters stripped from JavaScript before execution".
Mozilla said certain BOM characters are stripped from JavaScript code before it is executed and could lead to code being executed.
The company credited Microsoft developer Dave Reed and security researcher Gareth Heyes for reporting the vulnerability.
MFSA 2008-44: Moderate
Titled "Resource: traversal vulnerabilities".
Mozilla said the restrictions imposed on local HTML files could be bypassed using the resource: protocol, allowing an attacker to read information about the system and prompt the victim to save the information in a file.
The company credited Mozilla developer Boris Zbarsky and Georgi Guninski for reporting this vulnerability.
MFSA 2008-40: Low
Titled "Forced mouse drag".
Mozilla said the vulnerability allows an attacker to move the content window while the mouse is being clicked, causing an item to be dragged rather than clicked-on, possibly forcing a user to download a file or perform other drag-and-drop actions.
The company credited Mozilla developer Paul Nickerson for reporting this variant of a click-hijacking vulnerability discovered in Internet Explorer by Liu Die Yu.
MFSA 2008-45: Low
Titled "XBM image uninitialized memory reading".
Mozilla said a bug in the XBM decoder allowed random small chunks of uninitialized memory to be read.
The company credited Billy Hoffman with reporting this vulnerability. Firefox 3 is not affected by this issue.
This article was first published as a blog on CNET News.com.
Play video
There are currently no comments for this post.