
Mozilla patches 'critical' Firefox security hole

Mozilla rates this a "critical" vulnerability that can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.
Written by Ryan Naraine

Mozilla has shipped an urgent Firefox security update to fix a vulnerability that exposes web surfers to malicious hacker attacks.

The vulnerability, fixed with the latest Firefox 10.0.1, causes a browser crash that may be exploitable to launch code execution attacks.

From Mozilla's advisory:

Mozilla developers Andrew McCreight and Olli Pettay found that ReadPrototypeBindings will leave a XBL binding in a hash table even when the function fails. If this occurs, when the cycle collector reads this hash table and attempts to do a virtual method on this binding a crash will occur. This crash may be potentially exploitable.


Mozilla rates this a "critical" vulnerability that can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.

The open-source group said Firefox 9 and earlier browser versions are not affected by this vulnerability.
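The bug class the advisory describes, an entry left in a hash table after the function that registered it fails, shown as a simplified added example beside a hardened form. This is not Mozilla's code: `Binding`, `load_unsafe`, `load_safe` and `unusable_entries` are hypothetical names, and the empty-payload failure is a constructed stand-in for a failed read.

```cpp
#include <cstddef>
#include <cstdio>
#include <memory>
#include <string>
#include <unordered_map>

// Hypothetical stand-in for a binding; `impl` is set only once reading succeeds.
struct Binding {
    std::unique_ptr<std::string> impl;
};
using Table = std::unordered_map<std::string, std::unique_ptr<Binding>>;

// Constructed deserializer: an empty payload models a read failure.
static bool read_into(Binding& b, const std::string& payload) {
    if (payload.empty()) return false;
    b.impl = std::make_unique<std::string>(payload);
    return true;
}

// Flawed pattern: publish to the table first, read second, no cleanup on error.
bool load_unsafe(Table& t, const std::string& key, const std::string& payload) {
    auto& slot = t[key];
    slot = std::make_unique<Binding>();
    return read_into(*slot, payload);  // on failure the half-built entry stays
}

// Hardened pattern: build the object completely, publish only on success.
bool load_safe(Table& t, const std::string& key, const std::string& payload) {
    auto b = std::make_unique<Binding>();
    if (!read_into(*b, payload)) return false;  // nothing was published
    t[key] = std::move(b);
    return true;
}

// Stand-in for a later walk over the table (such as a collector pass): counts
// entries a caller could not safely call into, instead of dereferencing them.
std::size_t unusable_entries(const Table& t) {
    std::size_t n = 0;
    for (const auto& kv : t)
        if (!kv.second || !kv.second->impl) ++n;
    return n;
}

int main() {
    Table a, b;
    load_unsafe(a, "binding", "");
    load_safe(b, "binding", "");
    std::printf("unsafe: %zu unusable, safe: %zu unusable\n",
                unusable_entries(a), unusable_entries(b));
}
```

The same invariant can be kept by erasing the entry on every error path, but building the object first and publishing last removes the window entirely.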
