Mozilla patches critical Firefox flaws

The latest version of the browser, Firefox 3.6.4, patches seven vulnerabilities, including four critical flaws that could allow a remote attacker to control a system

A Firefox update has been released that patches four critical flaws, each of which could allow a hacker to take over a computer system.

Mozilla announced version 3.6.4 of the web browser, which contains the fixes, in a Mozilla blog post on Tuesday. The update tackles seven vulnerabilities in all, according to Mozilla's security advisories aggregation page.

One of the four critical vulnerabilities, a heap buffer overflow flaw, was found by researcher Nils, of Basingstoke-based security firm MWR Infosecurity. Nils, who declines to give out his surname for security reasons, released proof-of-concept exploit code for the flaw in a paper on Wednesday.

The heap buffer overflow vulnerability affects Mozilla Firefox on 64-bit platforms. Using the flaw, an attacker could cause a vulnerable system to crash and then take it over, though the victim would need to visit a malicious website for the flaw to be exploited.

The cause of the flaw is that the length of strings is not properly sanitised, according to the MWR Infosecurity paper.

Mozilla addressed three other critical flaws in Firefox 3.6.4. An integer overflow vulnerability reported via TippingPoint's Zero Day initiative could also cause a browser crash and open the door to an outsider. Another bug lies in how one plug-in interacts with a second plug-in, while the third is associated with crashes caused by memory corruption. Both these last two security holes could be exploited by an attacker to run arbitrary code, according to Mozilla.

The remaining security bugs in the update include two rated moderate risk, one that opens the door to keystroke hijack and another related to a  problem with an HTTP header. The final flaw, rated low risk, identified a seed value that could be used as a unique identifier to track a user's behaviour online.

Firefox 3.6.4 has also debugged Lorentz, its sandboxing feature which prevents failed plug-ins from crashing the whole browser.

Mozilla periodically patches a number of vulnerabilities in one go. For example, in February, it fixed five security holes in older versions of the browser.