Mozilla Issues Critical Firefox Security Bulletins

Mozilla has released Firefox 3.5.4 with fixes for a wide range of serious security vulnerabilities.The most serious issue could allow a malicious hacker to take complete control of a computer by simply tricking a user into visiting a rigged Web page.  In all, Mozilla released 11 advisories, six rated critical. Here’s a list of the security vulnerabilities being addressed:

Mozilla has released Firefox 3.5.4 with fixes for a wide range of serious security vulnerabilities.

The most serious issue could allow a malicious hacker to take complete control of a computer by simply tricking a user into visiting a rigged Web page.  In all, Mozilla released 11 advisories, six rated critical. Here’s a list of the security vulnerabilities being addressed:

  • MFSA 2009-64
    Crashes with evidence of memory corruption (rv:1.9.1.4/ 1.9.0.15)
  • MFSA 2009-63
    Upgrade media libraries to fix memory safety bugs
  • MFSA 2009-62
    Download filename spoofing with RTL override
  • MFSA 2009-61
    Cross-origin data theft through document.getSelection()
  • MFSA 2009-59
    Heap buffer overflow in string to number conversion
  • MFSA 2009-57
    Chrome privilege escalation in XPCVariant::VariantDataToJS()
  • MFSA 2009-56
    Heap buffer overflow in GIF color map parser
  • MFSA 2009-55
    Crash in proxy auto-configuration regexp parsing
  • MFSA 2009-54
    Crash with recursive web-worker calls
  • MFSA 2009-53
    Local downloaded file tampering
  • MFSA 2009-52
    Form history vulnerable to stealing

Read the release notes [mozilla.com]

Suggested articles

Discussion

  • TheGift73 on

    Would the Chrome privilege escalation in XPCVariant::VariantDataToJS() patch stop Firefox from crashing when using Google Wave?

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.