Firefox plugs drive-by download security holes
Some of the vulnerabilities could be exploited to launch drive-by malware downloads or code execution attacks if a user simply surfs to a rigged Web page.
One of the vulnerabilities is a re-patch for an issue that Mozilla initially thought was fixed back in March.
According to Mozilla, 11 of the 13 vulnerabilities are rated "critical," meaning that they can can be used to run attacker code and install software, "requiring no user interaction beyond normal browsing."
In addition to remote code execution attacks, some of the flaws covered in this patch batch could lead to cross-site scripting, Java security bypass and denial-of-service attacks.
The vulnerabilities affect both Firefox 3.5 and 3.6. The patch is being delivered via the browser's automatic update mechanism.
Here's a quick glimpse of the advisories:
- MFSA 2010-84 XSS hazard in multiple character encodings
- MFSA 2010-83 Location bar SSL spoofing using network error page
- MFSA 2010-82 Incomplete fix for CVE-2010-0179
- MFSA 2010-81 Integer overflow vulnerability in NewIdArray
- MFSA 2010-80 Use-after-free error with nsDOMAttribute MutationObserver
- MFSA 2010-79 Java security bypass from LiveConnect loaded via data: URL meta refresh
- MFSA 2010-78 Add support for OTS font sanitizer
- MFSA 2010-77 Crash and remote code execution using HTML tags inside a XUL tree
- MFSA 2010-76 Chrome privilege escalation with window.open and <isindex> element
- MFSA 2010-75 Buffer overflow while line breaking after document.write with long string
- MFSA 2010-74 Miscellaneous memory safety hazards (rv:1.9.2.13/ 1.9.1.16)