Mozilla patches Firefox flaws
February 9th, 2008 | by Fitri |
Mozilla released on Friday 10 patches for its Firefox browser, including three for critical vulnerabilities. The latest version of Firefox is now 2.0.0.12.One of critical vulnerabilities, MFSA 2008-06, is a problem in the way the browser handles some images on Web pages.
It is possible to exploit the flaw to steal someone’s Web browsing history, before the information, then crash the browser. It is also possible to execute arbitrary code on a machine, Mozilla said.
A second critical vulnerability may permit a privilege escalation attack or remote code execution.
The latest criticism concerns a problem with memory corruption flaw that “we must assume that, with enough effort, at least some of them could be exploited to execute arbitrary code,” said Mozilla.
It should also be noted a fix for the problem with Mozilla “chrome” protocol, which is the term used by Mozilla for its user interface. The problem involves some of Firefox’s add-ons, or applications that users can download to extend the functionality of the browser.
The vulnerability would allow an attacker to determine which applications are installed on the computer of a person, which could give clues about how the machine could be compromised, said Mozilla. However, the victim must be lured to a malicious Web page specially designed to take advantage of the flaw.