Mozilla plugs Firefox code execution holes

Mozilla plugs Firefox code execution holes

Summary: Mozilla today shipped Firefox 3.0.7 with fixes for at least eight security flaws, some rated critical.

SHARE:

Mozilla today shipped Firefox 3.0.7 with fixes for at least eight security flaws, some rated critical.

The most serious of the vulnerabilities could be exploited by attackers to run code and install software, requiring no user interaction beyond normal browsing, Mozilla warned in a series of security advisories.

Here's the skinny on the latest batch of Firefox band-aids:

[ SEE: Talking Firefox security with Mozilla’s Window Snyder ]

  • MFSA 2009-11 (Low risk) Mozilla contributor Masahiro Yamada reported that certain invisible control characters were being decoded when displayed in the location bar, resulting in fewer visible characters than were present in the actual location. An attacker could use this vulnerability to spoof the location bar and display a misleading URL for their malicious web page.
  • MFSA 2009-10 (Critical) libpng maintainer Glenn Randers-Pehrson reported several memory safety hazards in PNG libraries used by Mozilla. These vulnerabilities could be used by a malicious website to crash a victim's browser and potentially execute arbitrary code on their computer. libpng was upgraded to a version which contained fixes for these flaws.
  • MFSA 2009-09 (High risk) Mozilla security researcher Georgi Guninski reported that a website could use nsIRDFService and a cross-domain redirect to steal arbitrary XML data from another domain, a violation of the same-origin policy. This vulnerability could be used by a malicious website to steal private data from users authenticated to the redirected website.
  • MFSA 2009-08 (Critical) An anonymous researcher, via TippingPoint's Zero Day Initiative program, reported a vulnerability in Mozilla's garbage collection process. The vulnerability was caused by improper memory management of a set of cloned XUL DOM elements which were linked as a parent and child. After reloading the browser on a page with such linked elements, the browser would crash when attempting to access an object which was already destroyed. An attacker could use this crash to run arbitrary code on the victim's computer.
  • MFSA 2009-07 (Critical)  Four different vulnerabilities leading to browser crashes with evidence of memory corruption.

Topics: Browser, Security, Software Development

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

6 comments
Log in or register to join the discussion
  • Ryan, any information on when these vulnerabilities

    were discovered/revealed to [b]Mozilla[/b] and whether any attacks exploiting them are know to have occured in the wild ? Such information would be relevant for those of us who attempt to follow how quickly various organisations patch discovered flaws in their respective browsers....

    Henri
    mhenriday
    • You should be able to obtain this information from the advisories.

      For example MFSA 2009-07 was reported 2009-01-03. So it appears to be approximately two months before the patch was released (though there is mention a patch was available the day it was reported).

      The bug appears to have been present for some time as it affects FF 2.
      ye
  • RE: Mozilla plugs Firefox code execution holes

    Ahh, paybacks a $!tch. This goes to all you firefox lovers out there who were poke'in fun at IEs security holes a couple months back.
    dracomaster
  • RE: Mozilla plugs Firefox code execution holes

    I think it would be damn near impossible for anyone to write a modern web browser that didn't have some security issues - I think most people underestimate just how complex web browser software actually is...
    TroyW
  • RE: Mozilla plugs Firefox code execution holes

    You can see how effectively firefox security updates are rolled out to end-users here: http://www.statowl.com/web_browser_usage_by_subversion_trend.php?1=1&timeframe=last_6&interval=month&chart_id=13&fltr_br=&fltr_os=&fltr_se=&fltr_cn=&holder%5B%5D=firefox&limit%5B%5D=3&chart_id=11
    caffeinejolt
  • RE: Mozilla plugs Firefox code execution holes

    Great!!! thanks for sharing this information to us!
    <a href="http://www.yuregininsesi.com">seslisohbet</a> <a href="http://www.yuregininsesi.com">seslichat</a>
    birumut