Just 48 hours after the release of exploit code targeting a zero-day vulnerability in Firefox 3.5, Mozilla’s security response team has rushed out a patch to protect users from code execution attacks.
With Firefox 3.5.1, rated a “critical” update, the open-source group corrects a browser crash that could result in an exploitable memory corruption problem.
Mozilla explains:
In certain cases after a return from a native function, such as escape(), the Just-in-Time (JIT) compiler could get into a corrupt state. This could be exploited by an attacker to run arbitrary code such as installing malware.
This vulnerability does not affect earlier versions of Firefox which do not support the JIT feature.
Separately, a new version of Google Chrome was released to patch a pair of security flaws that could allow malicious code execution if a Chrome user simply surfs to a booby-trapped Web page.
The skinny from Google:
Evaluating a specially-crafted regular expression in Javascript on a web page can lead to memory corruption and possibly a heap overflow. Visiting a maliciously crafted website may lead to a renderer (tab) crash or arbitrary code execution in the Google Chrome sandbox.
The second vulnerability could allow a compromised renderer (tab) process to cause the browser process to allocate very large memory buffers.
This error could cause the browser process (and all tabs) to crash or possibly allow arbitrary code execution with the privileges of the logged on user. To exploit this vulnerability, an attacker would need to be able to run arbitrary code inside the renderer process.
