Mozilla Issues Security Update For Critical Firefox Flaw

Software Company Mozilla, of late, released one major security patch for its Web-browser Firefox plugging holes which could put Web-surfers in the danger of local bar phishing, data theft or drive-by load attacks.

The update namely Firefox 3.6.7 contains security patches comprising 8 "critical" fixes, 2 "high risk" and 4 "moderate," the company stated.

Meanwhile, in Mozilla's system of severity rating, security flaws described as "critical" let remote hackers carry out arbitrary code execution via a method that is apparent to users. SoftPedia published this on July 21, 2010.

Although the number of fixes rated as critical is 8 in the latest update, the total number of vulnerabilities of critical nature that are patched is in fact more. That's because one patch addresses many problems which are capable of resulting in memory corruption.

Reportedly, the software company has named 2 critical bugs out of the 8 as moz_bug_r_a4. Further, its community of developers discovered the problems within its collective security advisory.

States Mozilla, a particular critical flaw, the most severe one is caused with the way memory bugs, distorted PNG images, and other dangerous code executions are handled.

In addition, the 2 high risk problems include a security flaw that if exploited can let the attacker elude the same-origin limitations allotted to certain canvas component as well as view data from another Internet site. The other flaw is the same type of data disclosure vulnerability of cross-origin nature that eludes the JavaScript's typical origin policy.

Moreover, the 4 moderately critical problems are associated with accessibility of data within websites, techniques for impersonating location bar's contents as well as text using vulnerability which attackers may exploit in XSS (cross-site scripting) assaults.

Hence Mozilla advises that users ensure they have all the latest editions of updates downloaded at the earliest since the vulnerabilities are really critical.

Furthermore according to the company, Mac and Windows users will usually have the Firefox update downloaded automatically; however, during the while, there can be a prompt saying "Check for Updates." Thus users, who have so far not got the notification for automatic update, can initiate it manually.

Related article: Mozilla Rules Out Bug in Its Firefox

» SPAMfighter News - 8/3/2010