Update addresses a number of security issues
Mozilla has issued a Firefox update addressing a number of security issues in the popular open source browser.
The nine advisories cover vulnerabilities ranging from the ability to spoof pop-up windows to the possibility of remote execution of malicious code.
Among the most serious is a flaw in Firefox's handling of JavaScript code. Specially-crafted JavaScript code could compromise the browser and allow remote execution of code or a cross-site scripting attack.
The vulnerability was rated 'critical', the highest of Mozilla's four threat levels.
The second 'critical' flaw addressed a group of non-specified updates which, if exploited, could lead to a memory corruption error that could then allow an attacker to access the targeted system and remotely execute code.
Mozilla also issued updates for a pair of 'high risk' flaws, including a vulnerability in the Java component which could allow an attacker to access arbitrary connection ports.
Another 'high risk' flaw could allow an attacker to spoof pop-up windows on the target system.
Other fixes are for a vulnerability that could allow for the spoofing of URL referrers, and a set of vulnerabilities which could allow for cross-site scripting.
Mozilla has issued a Firefox update addressing a number of security issues in the popular open source browser.
The nine advisories cover vulnerabilities ranging from the ability to spoof pop-up windows to the possibility of remote execution of malicious code.
Among the most serious is a flaw in Firefox's handling of JavaScript code. Specially-crafted JavaScript code could compromise the browser and allow remote execution of code or a cross-site scripting attack.
The vulnerability was rated 'critical', the highest of Mozilla's four threat levels.
The second 'critical' flaw addressed a group of non-specified updates which, if exploited, could lead to a memory corruption error that could then allow an attacker to access the targeted system and remotely execute code.
Mozilla also issued updates for a pair of 'high risk' flaws, including a vulnerability in the Java component which could allow an attacker to access arbitrary connection ports.
Another 'high risk' flaw could allow an attacker to spoof pop-up windows on the target system.
Other fixes are for a vulnerability that could allow for the spoofing of URL referrers, and a set of vulnerabilities which could allow for cross-site scripting.
0 comments:
Post a Comment Subscribe to Post Comments (Atom)