Mozilla patches 'critical' Firefox security hole

Summary: Mozilla rates this a "critical" vulnerability that can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.

TOPICS: Security, Browser

Mozilla has shipped an urgent Firefox security update to fix a vulnerability that exposes web surfers to malicious hacker attacks.

The vulnerability, fixed with the latest Firefox 10.0.1, causes a browser crash that may be exploitable to launch code execution attacks.

From Mozilla's advisory:

Mozilla developers Andrew McCreight and Olli Pettay found that ReadPrototypeBindings will leave a XBL binding in a hash table even when the function fails. If this occurs, when the cycle collector reads this hash table and attempts to do a virtual method on this binding a crash will occur. This crash may be potentially exploitable.
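
The error-handling pattern the advisory describes, as an added C++ model that is not Mozilla's code: every name here (`Binding`, `LoadBuggy`, `LoadFixed`, `StaleEntries`) is hypothetical, and the "publish only on success" version is one common way to avoid this class of bug, not a description of the actual Firefox patch.

```cpp
#include <map>
#include <memory>
#include <string>

// Simplified stand-in for an object stored in a lookup table (hypothetical).
struct Binding {
    bool ready = false;  // true only once deserialization has completed
};

using Table = std::map<std::string, std::unique_ptr<Binding>>;

// Constructed stand-in for reading a serialized record: empty payload = failure.
static bool Deserialize(Binding& b, const std::string& payload) {
    if (payload.empty()) return false;
    b.ready = true;
    return true;
}

// Pattern from the advisory: the entry is registered first, and the
// failure path returns without taking it back out of the table.
bool LoadBuggy(Table& t, const std::string& key, const std::string& payload) {
    auto& slot = t[key];
    slot = std::make_unique<Binding>();
    return Deserialize(*slot, payload);  // on failure the entry stays behind
}

// Hardened form: build the object off to the side, publish only on success.
bool LoadFixed(Table& t, const std::string& key, const std::string& payload) {
    auto b = std::make_unique<Binding>();
    if (!Deserialize(*b, payload)) return false;  // nothing was published
    t[key] = std::move(b);
    return true;
}

// Counts entries that a later sweep over the table (the role the cycle
// collector plays in the advisory) would visit although they never loaded.
int StaleEntries(const Table& t) {
    int n = 0;
    for (const auto& kv : t)
        if (!kv.second->ready) ++n;
    return n;
}
```

The model keeps the leftover entry memory-safe so it can be counted; in the reported bug, a later virtual call on the leftover entry is what crashes.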

Mozilla rates this a "critical" vulnerability that can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.

The open-source group said Firefox 9 and earlier browser versions are not affected by this vulnerability.

Talkback

5 comments
  • RE: Mozilla patches 'critical' Firefox security hole

    Will this fix be backported to the 3.x release?
    How about other versions?
    Win8AnUglyDisaster
    • RE: Mozilla patches 'critical' Firefox security hole

      @johndow1 From the article:
      "The open-source group said Firefox 9 and earlier browser versions are not affected by this vulnerability."

      Looks like it was introduced in version 10. Please, Mozilla, slow down.
      Rabid Howler Monkey
  • RE: Mozilla patches 'critical' Firefox security hole

    Mozilla caught it before it was exploited, and since Firefox updates automatically it's not a problem anymore.
    Tony Burzio
    • RE: Mozilla patches 'critical' Firefox security hole

      @Tony Burzio Only if you are running as an administrator, which is bad security anyway... On my machine, there was no automatic update, not even a warning that a new version was available.

      Only after quitting and restarting "as administrator" brought up the option to update the browser.
      wright_is
  • RE: Mozilla patches 'critical' Firefox security hole

    That is why I check here and manually check for updates once in a while.
    MoeFugger