- The 10 dumbest mistakes network managers make
- Six Windows 7 features admins will actually care about
- Why the iPhone can't be "killed"
- Nortel enterprise chief wants to bring back Bay
- More porn sneaks onto the iPhone
Mozilla issued 10 patches on Friday for its Firefox browser, including three for critical vulnerabilities. The latest version of Firefox is now 2.0.0.12.
One of the critical vulnerabilities, MFSA 2008-06, is a problem in the way the browser handles images on certain Web pages.
It's possible to exploit the flaw to steal a person's Web browsing history, forward that information and then crash the browser. It may also be possible to run arbitrary code on a machine, Mozilla said.
A second critical vulnerability can enable a privilege escalation attack or remote code execution.
The last critical problem involves a memory corruption flaw that "we presume that with enough effort at least some of these could be exploited to run arbitrary code," Mozilla said.
Also notable is a fix for a problem with Mozilla's "chrome" protocol, which is the term Mozilla uses for its user interface. The problem involves some of Firefox's add-ons, or applications that users can download which extend browser functionality.
The vulnerability would let an attacker determine what applications are installed on a person's PC, which could give clues to how the machine could be compromised, Mozilla said. However, a victim would have to be lured to a special malicious Web page designed to take advantage of the flaw (Compare Patch and Vulnerability Management products).
The Leader in Network Knowledge
Comments (1)
RE: Mozilla patches three critical Firefox flawsBy Charles J DeStefano on February 11, 2008, 6:01 pmThanks for the info
Reply | Read entire comment
View all comments