Monday, February 06, 2006

Firefox Patches Critical Security Hole

The Mozilla Foundation has published a security update that fixes eight vulnerabilities in version 1.5 of the popular Firefox browser.

Mozilla has rated one of the vulnerabilities as critical, three as moderate and four as low severity.

The critical flaw allows an attacker to inject XML code into the localstore.rdf file, which makes the browser carry out tasks at startup without the user's authorization, allowing total control of the system.

The vulnerabilities rated moderate allow arbitrary code to be run. One of these flaws is an integer overflow affecting E4X, SVG and Canvas. There is also a code execution problem when the style of an element is dynamically changed from position:relative to position:static.

A denial of service problem has also been corrected. It could be used by a malicious user to render the application unusable by means of a malicious website with a very long title: the browser of a user who had visited this website would close whenever the user tried to access it again.

The updates can be downloaded using the browser's automatic update feature or directly from the Mozilla website at http://www.mozilla.com/firefox/

The information published by the Mozilla Foundation about the flaws is available at http://www.mozilla.org/security/announce/