Firefox dirty dozen: Mozilla patches 'critical' browser flaws

Summary: Mozilla has released Firefox 3.6.11 with patches for a dozen security holes, some serious enough to launch attacks if a user simply surfs to a booby-trapped website.

TOPICS: Browser, Security

In all, the open-source group released nine bulletins documenting 12 security vulnerabilities. Five of the bulletins are rated "critical," meaning that those vulnerabilities can be exploited to run attacker code and install software, requiring no user interaction beyond normal browsing.

Here's the raw information on the critical updates:

MFSA 2010-71 Unsafe library loading vulnerabilities:

Mozilla developer Ehsan Akhgari reported that a function used to load external libraries on Windows platforms was using a relative path to a DLL-loading application and was thus vulnerable to binary planting if an attacker was able to place an executable of the same name in the current working directory or any of the other locations that Windows searches for executables.

Dmitri Gribenko reported that the script used to launch Mozilla applications on Linux was effectively including the current working directory in the LD_LIBRARY_PATH environment variable. If an attacker was able to place into the current working directory a malicious shared library with the same name as a library that the bootstrapping script depends on, the attacker could have their library loaded instead of the legitimate library.
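
An added example, not taken from Mozilla's launch script or the advisory: the glibc dynamic loader treats an empty entry in LD_LIBRARY_PATH as the current working directory, and one common way a launcher creates such an entry is by prepending with an unconditional colon while the variable is unset. The advisory text here does not say which construct the Mozilla script used; the function names and the /opt/exampleapp path are hypothetical.

```shell
#!/bin/sh
# Added example; function names and paths are hypothetical.

# Fragile pattern: unconditional colon. If the caller's variable is unset
# or empty, the result ends in ":" and gains an empty entry.
fragile_prepend() {
    printf '%s\n' "$1:$2"
}

# Hardened pattern: add the separator only when there is something to keep.
# (It does not clean entries already present in $2; audit those separately.)
safe_prepend() {
    printf '%s\n' "$1${2:+:$2}"
}

# Print one line for each entry of a colon-separated search path that the
# loader would resolve against the current working directory: an empty
# entry (leading, trailing or doubled colon), "." or any relative path.
unsafe_entries() {
    rest=$1
    [ -n "$rest" ] || return 0   # a wholly empty value adds no search entries
    while :; do
        entry=${rest%%:*}
        case $entry in
            '') echo "empty entry (current working directory)" ;;
            /*) ;;                                  # absolute: fine
            *)  echo "relative entry: $entry" ;;
        esac
        case $rest in
            *:*) rest=${rest#*:} ;;
            *)   break ;;
        esac
    done
}

# Constructed demonstration: the caller's LD_LIBRARY_PATH is empty.
for builder in fragile_prepend safe_prepend; do
    value=$($builder /opt/exampleapp/lib "")
    findings=$(unsafe_entries "$value")
    echo "$builder -> '$value' ${findings:-no unsafe entries}"
done
```

Running `unsafe_entries "$LD_LIBRARY_PATH"` inside a wrapper script, just before it execs the real binary, shows whether the value it built would make the loader search the directory the user launched from.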

MFSA 2010-67 Dangling pointer vulnerability in LookupGetterOrSetter:

Security researcher regenrecht reported that when window.__lookupGetter__ is called with no arguments the code assumes the top JavaScript stack value is a property name. Since there were no arguments passed into the function, the top value could represent uninitialized memory or a pointer to a previously freed JavaScript object. Under such circumstances the value is passed to another subroutine which calls through the dangling pointer, potentially executing attacker-controlled memory.

MFSA 2010-66 Use-after-free error in nsBarProp

Security researcher Sergey Glazunov reported that it was possible to access the locationbar property of a window object after it had been closed. Since the closed window's memory could have been subsequently reused by the system it was possible that an attempt to access the locationbar property could result in the execution of attacker-controlled memory.

MFSA 2010-65 Buffer overflow and memory corruption using document.write

Security researcher Alexander Miller reported that passing an excessively long string to document.write could cause text rendering routines to end up in an inconsistent state with sections of stack memory being overwritten with the string data. An attacker could use this flaw to crash a victim's browser and potentially run arbitrary code on their computer.

MFSA 2010-64 Miscellaneous memory safety hazards

Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.

The update is being shipped via the browser's auto-update mechanism.

Talkback

46 comments
  • RE: Firefox dirty dozen: Mozilla patches 'critical' browser flaws

    First one to upgrade at the office!
    Loverock Davidson
    • Love's Office moves away from IE to Open Source

      @Loverock Davidson
      Next they will be moving to OpenOffice from Oracle. Then it will be Linux.

      Riding with Penguins in a World of Glass and Fruit.
      Hooray!
      daikon
      • Except that Firefox is a great browser and gets work done

        - OpenOffice is not a good product when compared to Microsoft Office. One is just more refined than the other one. OpenOffice might be a great product for the small-time user, but not for a larger company.

        -A lot of companies need programs only Windows provides.
        Michael Alan Goff
      • Um, goff, Firefox works just fine with windows

        @Linux Rocks Open office is a good product. I would venture that most businesses would be able to do 99% of what they do now. The main differences come from the abnormal file structures that Microsoft employs to lock in the companies. Hell, most companies could likely do what they need with the office suite that existed back in 97, plus it would likely run a heck of a lot faster since it does not have the bloat factor.
        richard233
      • I know Firefox works with Windows

        I was more commenting to the comment that they should move to Linux. It might not be possible for them to, if they use programs that are Windows Only.

        I was actually saying that Firefox was a great browser.
        Michael Alan Goff
      • RE: Firefox dirty dozen: Mozilla patches 'critical' browser flaws

        @richard233,

        "The main differences comes from the abnormal file structures that microsoft employs to lock in the companies. Hell, most companies could likely do what they need with the office suite that existed back in 97, plus it would likely run a heck of a lot faster since it does not have the bloat factor."

        Or maybe Office is far superior when connecting to ERPs like SAP. Or including basic email/calendar functionality like Office includes with Outlook. Or business intelligence features/ECM when it integrates with SharePoint. So it looks like what you call bloat many businesses and enterprises name it functionality...
        dvm
      • "abnormal file structures"??? WTF?

        @richard233
        Funny thing how most office suite programs, including OpenOffice can open MS Office files without a whole lot of grief - most of the time. In fact the only time you DO find grief is when there's a feature embedded in the document that the other guys don't support very well. The file structures themselves are actually fairly well documented. DOCX files are nothing more than ZIP files with a specific layout. There are folders for text, graphics, fonts and formatting and XML files that link everything into a coherent document.

        Seems to me that if the format is THAT well documented, it's not Microsoft's fault other programs have problems rendering them.
        Wolfie2K3
    • Do these flaws affect linux systems or just Windows

      again
      Tom6
      • Re: Linux systems

        @Tom6
        Some of them do. For example, the unwanted expansion of "LD_LIBRARY_PATH" Directories is a Linux bug.
        Rick S._z
  • Wait........

    now you are calling your room in your mom's basement the office? HaHaHa....OK Lovie, if you say so!
    todbran9
    • LOL... LOL... :D

      Hilarious. And prolly true.

      more LOL... :D
      ahh so
  • RE: Firefox dirty dozen: Mozilla patches 'critical' browser flaws

    What a load of crap! So I fire up Firefox, and it sits there doing nothing after five minutes, I decide to manually go check for updates, and it says 3.6.11 is available. So I go and update it manually, the next thing it says update Adobe Flash plugin. OK I do that, it restarts Firefox, then in the background the Adobe Download Manager runs. Slowly at that. OK After another five minutes (total 12 minutes so far), the new Adobe 10.1 (which was already loaded in my system BTW) loads but it loaded what I call BLOATWARE, perhaps even MALWARE, by also loading, unrequested, unsolicited, McAfee Security Scan, installed under C:\Program Files (x86). I don't want crap! I choose not to trust McAfee. So now I've got to go uninstall all this unsolicited SPAM crapware, thanks Mozilla Firefox & Adobe...

    These constant bi-weekly updates are total nonsense. Get it right. Get it stable. Or don't do it at all.

    These are incompetent developers! Nothing to do with quick security fixes, when you are voted (3) years in a row as being the MOST VULNERABLE APPLICATION -- YES Firefox.

    ~~~~~~~~~~
    Do it
    Do it right
    Do it right now!
    WinTard
    • They should wait until they have a perfect product

      It should be out the day after never.
      Michael Alan Goff
    • RE: Firefox dirty dozen: Mozilla patches 'critical' browser flaws

      @WinTard That's what happens when you go clickey-clickey, next next finish. Next time, read the prompts and you'll see where you could choose not to install what you're complaining about. You could drop the reference to windows from your ID and would still get the point across.
      SpikeyMike
      • RE: Firefox dirty dozen: Mozilla patches 'critical' browser flaws

        @SpikeyMike

        Nope you're wrong, no clickey, click, click...
        I simply said yes to the plugin, that subsequently downloaded the full thing from within Firefox, as the adobe download manager (another piece of bloat/fat/crapware). No choice there from within Firefox's context. The Adobe download manager ran automatically in the background downloading both Flash, and the crapware McAfee.

        You assume, whereas I experience. And simply report the facts. Just the facts. Good or bad.

        ~~~~~~~~~~~
        The truth is incontrovertible, malice may attack it, ignorance may deride it, but in the end; there it is.
        ~ Winston Churchill
        WinTard
    • RE: Firefox dirty dozen: Mozilla patches 'critical' browser flaws

      @WinTard
      Maybe next time you'll be sure to read the directions on the Flash download page, huh?
      FYI, it gives you a choice as to what you download and install. Get a clue.
      ITOdeed
      • RE: Firefox dirty dozen: Mozilla patches 'critical' browser flaws

        @EatingHay

        You get a clue! It downloaded from within Firefox's suggestion. On top of that, it had already been done, manually, since I track these things, as I use IE9, FF the latest, and Chrome the latest, as well as Windows 7, Windows 2008, Aix, HP-UX, Solaris, Linux Red Hat, Ubuntu, et al.

        ~~~~~~~~~~~
        What You Can't -- You Must!
        ~ Tony Robbins
        WinTard
      • RE: Firefox dirty dozen: Mozilla patches 'critical' browser flaws

        @EatingHay agree here too
        WinTard is a tard so he wasn't paying attention. They moved the boxes around a little while ago, now it is on the right side of the screen instead of directly below. I had the update a few days ago and almost didn't catch it myself! Pay attention Tard!!
        SteelTrepid
      • RE: Firefox dirty dozen: Mozilla patches 'critical' browser flaws

        @WinTard Wow, even *I* had no trouble with this. RTFI!
        And "just the facts" won't include the word *crapware*. Sounds to me like you'd rather use another browser. So do.
        Papa_Bill
    • RE: Firefox dirty dozen: Mozilla patches 'critical' browser flaws

      @WinTard Very smart man, Finally someone else that knows McAfee is crap. LOL!! I have met so many people that think it is the greatest. Then wonder why they have viruses. Don't trust anything but Norton.
      lilabner20032003