Mozilla, Google plug high-risk browser holes

Just 48 hours after the release of exploit code targeting a zero-day vulnerability in Firefox 3.5, Mozilla's security response team has rushed out a patch to protect users from code execution attacks.

Just 48 hours after the release of exploit code targeting a zero-day vulnerability in Firefox 3.5, Mozilla's security response team has rushed out a patch to protect users from code execution attacks.

With Firefox 3.5.1, rated a "critical" update, the open-source group corrects a browser crash that could result in an exploitable memory corruption problem.

[ SEE: Attack code posted for unpatched Firefox 3.5 flaw ]

Mozilla explains:

In certain cases after a return from a native function, such as escape(), the Just-in-Time (JIT) compiler could get into a corrupt state. This could be exploited by an attacker to run arbitrary code such as installing malware.

We would like to thank community members Lucas Kruijswijk and Nochum Sossonko for isolating the problematic script from the original crashing site.

This vulnerability does not affect earlier versions of Firefox which do not support the JIT feature.

Separately, a new version of Google Chrome was released to patch a pair of security flaws that could allow malicious code execution if a Chrome user simply surfs to a booby-trapped Web page.

The skinny from Google:

Evaluating a specially-crafted regular expression in Javascript on a web page can lead to memory corruption and possibly a heap overflow. Visiting a maliciously crafted website may lead to a renderer (tab) crash or arbitrary code execution in the Google Chrome sandbox.

Google is withholding full details on the vulnerability, which is rated "high risk."
The second vulnerability could allow a compromised renderer (tab) process to cause the browser process to allocate very large memory buffers.

This error could cause the browser process (and all tabs) to crash or possibly allow arbitrary code execution with the privileges of the logged on user. To exploit this vulnerability, an attacker would need to be able to run arbitrary code inside the renderer process.

Google rates this issue as "critical" and warns that it could be used in tandem with another vulnerability to run code with the privileges of the logged on user.
Mozilla and Google both ship patches to users via the browser's built-in updating mechanism.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All