Mozilla addresses memory corruption issues in Firefox 2 fix
Mozilla issued its 13th update to alternative browser Firefox 2, fixing six issues, two of which the company called critical.
“Some vulnerabilities and weaknesses have been reported in Mozilla Firefox, which can be exploited by malicious people to bypass certain security restrictions, disclose potentially sensitive information, conduct cross-site scripting and phishing attacks, and potentially compromise a user’s system,” security firm Secunia said of the fixes.
According to advisories, some of the problems also affect Thunderbird and SeaMonkey. Of the critical issues, “several” issues were fixed that appeared to be memory corruption issues. Mozilla presumes that arbitrary code could be executed with enough effort.
Two high priority fixes were also issued, which dealt with an XUL popup spoof, an a Java issue that could allow for the opening of arbitrary ports on a user’s system. Those issues only affected Firefox and SeaMonkey,
Other than that, a moderately rated fix was issued for an HTTP referrer spoofing risk, and a low-priority fix for a privacy issue with SSL client authentication.