Mozilla Updates Firefox, Zaps Code Execution Bugs

Mozilla is shipping a "critical" Firefox update to provide patches for at least 11 security vulnerabilities affecting the open-source browser. The most serious of the flaws affects the browser's JavaScript engine and could lead to privilege escalation or arbitrary code execution attacks, Mozilla said in release notes on March 25 that accompanied the Firefox update.

The new Firefox 2.0.0.13 fixes six different security issues—11 documented vulnerabilities—that put Windows users at risk of authentication credentials theft, information disclosure, script execution with elevated privileges, denial-of-service and cross-site request forgery attacks. Mozilla warned that some of these issues also affect Mozilla Thunderbird prior to 2.0.0.13 and SeaMonkey prior to 1.1.9.

The most serious issue, detailed in MFSA 2008-14, addresses at least three flaws that allow scripts from page content to run with elevated privileges. Mozilla has confirmed that, in certain scenarios, malicious code could be executed through XPCNativeWrapper pollution. It has also been proven that Firefox could be forced to run JavaScript code using the wrong principal, leading to universal XSS and arbitrary code execution.

Source: eWeek
