Mozilla plugs 10 more Firefox holes
The latest Firefox 2.0.0.8 update includes another two patches rated "critical" because of the risk of code execution.
The first high-priority issue (MFSA 2007-35) swats a bug that allows attackers to execute malicious JavaScript code with the rights of the local user.
[It is] possible to use the
Script
object to modify XPCNativeWrappers in such a way that subsequent access by the browser chrome -- such as by right-clicking to open a context menu -- can cause attacker-supplied javascript to run with the same privileges as the user. This is similar to MFSA 2007-25 fixed in Firefox 2.0.0.5
Mozilla also released (MFSA 2007-29) to fix two vulnerabilities found that could cause browser crashes "with evidence of memory corruption."
The latest update, which now supports Mac OS X Leopard, includes another fix (MFSA 2007-36) for the URI protocol handling issue that has haunted Windows users all year; a bug (MFSA 2007-34) that makes it possible to steal files through the SFTP protocol and a flaw (MFSA 2007-33) that allows XUL pages to hide the window titlebar.
It also fixes a file input focus stealing vulnerability (MFSA 2007-32); a browser digest authentication request splitting flaw (MFSA 2007-31) and an onUnload Tailgating issue MFSA 2007-30 that can lead to spoofing attacks.