Mozilla patches 'critical' Firefox security hole
Summary: Mozilla rates this a "critical" vulnerability that can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.
Mozilla has shipped an urgent Firefox security update to fix a vulnerability that exposes web surfers to malicious hacker attacks.
The vulnerability, fixed with the latest Firefox 10.0.1, causes a browser crash that may be exploitable to launch code execution attacks.
From Mozilla's advisory:
Mozilla developers Andrew McCreight and Olli Pettay found that ReadPrototypeBindings will leave a XBL binding in a hash table even when the function fails. If this occurs, when the cycle collector reads this hash table and attempts to do a virtual method on this binding a crash will occur. This crash may be potentially exploitable.
Mozilla rates this a "critical" vulnerability that can be used to run attacker code and install software, requiring no user interaction beyond normal browsing. The open-source group said Firefox 9 and earlier browser versions are not affected by this vulnerability.
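The failure pattern the advisory describes, an entry left in a table after the function that added it has failed, shown as an added C++ sketch that is not Mozilla's code. `Binding`, `Table`, `Decode`, `ReadBuggy`, `ReadFixed` and `UnreadyEntriesVisited` are hypothetical names, and the model keeps the failed object alive so the later table walk is safe to run rather than reproducing the crash.

```cpp
#include <map>
#include <memory>
#include <string>

// Hypothetical stand-in for a binding object; not Mozilla's class.
struct Binding {
    bool ready = false;                        // set only when loading completes
    virtual ~Binding() = default;
    virtual int Traverse() const { return 1; } // virtual call made by the walker
};

using Table = std::map<std::string, std::unique_ptr<Binding>>;

// Constructed input rule (assumption): a stream decodes only if it starts with "OK".
static bool Decode(Binding& b, const std::string& stream) {
    if (stream.rfind("OK", 0) != 0) return false;
    b.ready = true;
    return true;
}

// Pattern from the advisory: the entry is published first and stays on failure.
bool ReadBuggy(Table& t, const std::string& key, const std::string& stream) {
    auto& slot = t[key];
    slot = std::make_unique<Binding>();
    return Decode(*slot, stream);              // failure path leaves the entry behind
}

// Hardened form: build privately, publish only after every step succeeded.
bool ReadFixed(Table& t, const std::string& key, const std::string& stream) {
    auto b = std::make_unique<Binding>();
    if (!Decode(*b, stream)) return false;     // nothing was published
    t[key] = std::move(b);
    return true;
}

// Stand-in for a later table walk (the cycle collector step in the advisory):
// counts virtual calls made on entries that never finished loading.
int UnreadyEntriesVisited(const Table& t) {
    int n = 0;
    for (const auto& e : t)
        if (!e.second->ready) n += e.second->Traverse();
    return n;
}
```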

Talkback
RE: Mozilla patches 'critical' Firefox security hole
How about other versions?
RE: Mozilla patches 'critical' Firefox security hole
"The open-source group said Firefox 9 and earlier browser versions are not affected by this vulnerability."
Looks like it was introduced in version 10. Please, Mozilla, slow down.
RE: Mozilla patches 'critical' Firefox security hole
Only quitting and restarting "as administrator" brought up the option to update the browser.