Archive for October, 2009

The end of Facebook SPAM

Thursday, October 29th, 2009

In a move that some developers have said will cost them 20% – 30% of their traffic, Facebook have amended their developer Principles and Policies to forbid some actions that some have used to gain much-needed traffic they can turn into profit. For example, the new rules say that Stream stories, the notifications that tell you your friend just played FarmVille, shouldn’t exist just to promote or advertise an application.

“Stream stories must be consistent with our design and be user-focused based on the user’s action that triggered the story. In no case should a Stream story serve primarily as a means to promote or advertise your application.”

And they must not include “calls to action” anywhere other than in small text at the foot of the update:

“You must not include calls to action in the body of your Stream stories (e.g., "Beat her score!" or "Can you beat her score?"). A call to action must only be presented as an action link (in line with "comment" and "like" and similar to Facebook’s stories in design).”

Posted via email from scottherbert’s posterous

Firefox has 11 security flaws.

Wednesday, October 28th, 2009

Mozilla’s flagship Firefox browser is vulnerable to at least 6 “critical” vulnerabilities that expose users to drive-by download attacks requiring no user interaction beyond normal browsing, plus an additional 5 other security flaws.

The 6 critical flaws are:

· MFSA 2009-64 (Critical) — Crashes with evidence of memory corruption. Four different vulnerabilities were documented. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.

· MFSA 2009-63 (Critical) — Mozilla upgraded several third party libraries used in media rendering to address multiple memory safety and stability bugs identified by members of the Mozilla community. Some of the bugs discovered could potentially be used by an attacker to crash a victim’s browser and execute arbitrary code on their computer. liboggz, libvorbis, and liboggplay were all upgraded to address these issues. Three different vulnerabilities were documented.

· MFSA 2009-59 (Critical) — A heap-based buffer overflow in Mozilla’s string to floating point number conversion routines allows an attacker to craft some malicious JavaScript code containing a very long string to be converted to a floating point number which would result in improper memory allocation and the execution of an arbitrary memory location. This vulnerability could thus be leveraged by the attacker to run arbitrary code on a victim’s computer.

· MFSA 2009-57 (Critical) — The XPCOM utility XPCVariant::VariantDataToJS unwrapped doubly-wrapped objects before returning them to chrome callers. This could result in chrome privileged code calling methods on an object which had previously been created or modified by web content, potentially executing malicious JavaScript code with chrome privileges.

· MFSA 2009-56 (Critical) — A heap-based buffer overflow in Mozilla’s GIF image parser. This vulnerability could potentially be used by an attacker to crash a victim’s browser and run arbitrary code on their computer. This flaw does not affect products built on the Gecko 1.8 browser engine such as Thunderbird 2.

· MFSA 2009-54 (Critical) — Recursive creation of JavaScript web-workers can be used to create a set of objects whose memory could be freed prior to their use. These conditions often result in a crash which could potentially be used by an attacker to run arbitrary code on a victim’s computer. Web Workers were introduced in Firefox 3.5 so this vulnerability did not affect earlier releases such as Firefox 3.

And there are also five less serious flaws:

· MFSA 2009-62 Download filename spoofing with RTL override

· MFSA 2009-61 Cross-origin data theft through document.getSelection()

· MFSA 2009-55 Crash in proxy auto-configuration regexp parsing

· MFSA 2009-53 Local downloaded file tampering

· MFSA 2009-52 Form history vulnerable to stealing

Thankfully it took the Firefox team just a few hours to track down the bugs and release a patch. The update (Firefox 3.5.4) will be distributed via the browser’s automatic update mechanism, and it’s highly recommended that you update your browser.
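An added example (not part of the original post): a short Python check that scans web-server access-log lines for Firefox User-Agent strings older than the 3.5.4 update mentioned above, and notes whether the build is new enough (3.5 or later) for the Web Workers flaw MFSA 2009-54 to apply. The log lines are constructed samples and the function names are illustrative.

```python
import re

FIXED = (3, 5, 4)        # the update named in the post
WORKERS_SINCE = (3, 5)   # Web Workers (MFSA 2009-54) first shipped in 3.5
UA_FIREFOX = re.compile(r"\bFirefox/(\d+(?:\.\d+)*)")

# Constructed access-log lines (documentation addresses), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [29/Oct/2009:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3"',
    '192.0.2.11 - - [29/Oct/2009:10:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.14) Gecko/2009082707 Firefox/3.0.14"',
    '192.0.2.12 - - [29/Oct/2009:10:00:03 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.1.4) Gecko/20091016 Firefox/3.5.4"',
    '192.0.2.13 - - [29/Oct/2009:10:00:04 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)"',
]

def firefox_version(user_agent):
    """Return the Firefox version as a 3-part tuple, or None if not Firefox."""
    m = UA_FIREFOX.search(user_agent)
    if not m:
        return None
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * (3 - len(parts))  # "3.5" compares as 3.5.0

def assess(user_agent):
    """Classify one User-Agent against the 3.5.4 update."""
    ver = firefox_version(user_agent)
    if ver is None:
        return {"firefox": False}
    behind = ver < FIXED
    return {"firefox": True, "version": ".".join(map(str, ver)),
            "needs_update": behind,
            # Only pre-fix builds that ship Web Workers can hit MFSA 2009-54.
            "mfsa_2009_54_applies": behind and ver[:2] >= WORKERS_SINCE}

def scan(lines):
    """Return (client, version, mfsa_2009_54_applies) for outdated Firefox."""
    findings = []
    for line in lines:
        if line.count('"') < 2:
            continue
        # The User-Agent is the last quoted field; it is client-supplied, so
        # treat a match as an inventory hint, not proof of the installed build.
        result = assess(line.rsplit('"', 2)[1])
        if result["firefox"] and result["needs_update"]:
            findings.append((line.split(" ", 1)[0], result["version"],
                             result["mfsa_2009_54_applies"]))
    return findings
```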

And on a personal note: yes, I’m back posting (I know this tends to be the kiss of death to a blog) after some time off.


Fancy winning a new Canon 15MP SLR Digital Camera?

Wednesday, October 28th, 2009

SponsoredTweets is offering a new camera to the person who refers the most tweeters. It’s only open to US residents (so I can’t win) aged 18 and older. To win this fabulous prize, simply sign up (if you haven’t already) to Sponsored tweets and get the referral link inside to sign up new tweeters to the system.

The challenge starts today and runs until the 1st of November.

You can get the full official rules here.


ROI for Social Media

Wednesday, October 28th, 2009

Yesterday I wrote about how a lot of small businesses don’t do social networks well and get poor results because of that.

But how do you know if you’re doing well?

The answer is to look at your ROI (Return On Investment), also known as your Rate of Return. It’s not a hard number to work out once you have the data; collecting that data is the trick.

Basically your ROI = (X – Y) / Y, where X is your final value and Y is the initial value of your investment. So for example, if you earn £100 but it costs you £10 to do it, your ROI is 9 times your investment (or 900% if you prefer).

However, with social networks (in fact generally), both the return and the investment are not always easy to work out.

You need to look at all the costs involved, not just the $5 you paid to Sponsored tweets but your time as well. You’re not free (and if you are, you can come and work for me).

 


A Digest of what I did on October 28th

Wednesday, October 28th, 2009
blog (feed #1)
twitter (feed #3)
Social Media, beyond the myth http://post.ly/AVLh [Scott_Herbert]
twitter (feed #3)
RT @Scott_Herbert Notes from a wireframe world » Social Media, beyond the myth http://bit.ly/4vJk2z [Scott_Herbert]
 
twitter (feed #3)
Oh boy, I better open it!!! (Spam of the day) http://viigo.im/1jl9 [Scott_Herbert]
 
twitter (feed #3)
iDon’t Care: Video Spoofs Motorola Droid’s Anti-iPhone Ad http://viigo.im/1jlj [Scott_Herbert]
 
twitter (feed #3)
In Case You Forgot: Tomorrow Is Droid Day http://viigo.im/1jln [Scott_Herbert]