October 28, 2009, 9:47AM

Mozilla Issues Critical Firefox Security Bulletins

Mozilla has released Firefox 3.5.4 with fixes for a wide range of serious security vulnerabilities.

The most serious issue could allow a malicious hacker to take complete control of a computer by simply tricking a user into visiting a rigged Web page. In all, Mozilla released 11 advisories, six rated critical. Here's a list of the security vulnerabilities being addressed:

  • MFSA 2009-64 Crashes with evidence of memory corruption (rv:1.9.1.4 / 1.9.0.15)
  • MFSA 2009-63 Upgrade media libraries to fix memory safety bugs
  • MFSA 2009-62 Download filename spoofing with RTL override
  • MFSA 2009-61 Cross-origin data theft through document.getSelection()
  • MFSA 2009-59 Heap buffer overflow in string to number conversion
  • MFSA 2009-57 Chrome privilege escalation in XPCVariant::VariantDataToJS()
  • MFSA 2009-56 Heap buffer overflow in GIF color map parser
  • MFSA 2009-55 Crash in proxy auto-configuration regexp parsing
  • MFSA 2009-54 Crash with recursive web-worker calls
  • MFSA 2009-53 Local downloaded file tampering
  • MFSA 2009-52 Form history vulnerable to stealing

Read the release notes [mozilla.com]



Comments

Would the Chrome privilege escalation in XPCVariant::VariantDataToJS() patch stop Firefox from crashing when using Google Wave?

 

Copyright © 2012 threatpost.com