Security Flaw fixed in Latest update of Firefox

December 19, 2008 Comments Off

New updates for Firefox browser, Thunderbird e-mail and SeaMonkey application suite released by Mozilla. This is about critical security flaws which ensure sensitive information is secure.

The updates are for version 3.0.5 for Firefox  and version 2.0.0.19 of Thunderbird and version 1.1.14 of SeaMonkey.

Errors found in Firefox browser are:

  • Errors in the layout and JavaScript engines can be exploited to corrupt memory and potentially execute arbitrary code.
  • An error when processing the “persist” XUL attribute can be exploited to bypass cookie settings and uniquely identify a user in subsequent browsing sessions.
  • Multiple errors can be exploited to bypass the same-origin policy, disclose sensitive information, and execute JavaScript code with chrome privileges.

This issue could be used by a malicious website to steal private data from users who are authenticated on the redirected website. How much data could be at risk would depend on the format of the data and how the JavaScript parser attempts to interpret it.

Read More: Mozilla

Like it? Share!

Comments are closed.