Printed from http://www.macnn.com

Mozilla Firefox 2.0.0.2 fixes security flaws

updated 09:40 pm EST, Fri February 23, 2007

Mozilla on Friday released updated versions of the Firefox open-source browser to fix several security flaws as well as add support for Windows Vista, Microsoft's latest operating system. The update addresses an important flaw that could be used to manipulate stored cookie information as well as a flaw that could lead to the execution of arbitrary code. Firefox 2.0.0.2 (and Firefox 1.5.0.10) addresses a "critical" bug that could lead to memory corruption and could be exploited to run arbitrary code. "As part of the Firefox 2.0.0.2 and 1.5.0.10 update releases we fixed several bugs to improve the stability of the product," the company wrote.

"Some of these were crashes that showed evidence of memory corruption and we presume that with enough effort at least some of these could be exploited to run arbitrary code."

The company also said that its Thunderbird mail client, which shares the browser engine with Firefox, could be vulnerable to the memory corruption bug, if JavaScript were enabled; however, it noted that JavaScript is not enabled by default, and also said it "strongly discourages users from running JavaScript in mail."

In addition, another bug could allow users to manipulate cookies stored on a user's computer. The update fixes a "high" impact flaw in which setting location.hostname to a value with embedded null characters can confuse the browser's domain checks. The flaw could allow a malicious page to set domain cookies for any arbitrary site, and enables malicious users to set document.domain to any arbitrary value, which could be used to perform a cross-site scripting attack against any page that also sets document.domain.
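The article does not describe Firefox's internal check, so the following is an added illustration of the general bug class rather than Mozilla's code: two views of the same hostname buffer disagree once it contains a NUL byte, and a validator rejects such input before any domain comparison. All function names and the sample hostname are hypothetical and constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Constructed sample: a hostname buffer with an embedded NUL byte (20 bytes). */
static const char SAMPLE[] = "a.example\0.b.example";
static const size_t SAMPLE_LEN = sizeof SAMPLE - 1;

/* Length-aware check: host equals domain or ends in "." + domain (lowercased input assumed). */
bool domain_matches(const char *host, size_t len, const char *domain) {
    size_t dlen = strlen(domain);
    if (len == dlen) return memcmp(host, domain, dlen) == 0;
    return len > dlen && host[len - dlen - 1] == '.' &&
           memcmp(host + len - dlen, domain, dlen) == 0;
}

/* Length seen by any layer that treats the buffer as a C string. */
size_t c_string_view_len(const char *host, size_t len) {
    const char *nul = memchr(host, '\0', len);
    return nul ? (size_t)(nul - host) : len;
}

/* True when the full-buffer view and the C-string view give different answers. */
bool layers_disagree(const char *host, size_t len, const char *domain) {
    return domain_matches(host, len, domain) !=
           domain_matches(host, c_string_view_len(host, len), domain);
}

/* Allow only letters, digits, '-' and '.'; no empty labels, label <= 63, total <= 253. */
bool hostname_is_well_formed(const char *host, size_t len) {
    size_t label = 0;
    if (len == 0 || len > 253) return false;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)host[i];
        if (c == '.') { if (label == 0) return false; label = 0; continue; }
        bool ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                  (c >= '0' && c <= '9') || c == '-';
        if (!ok || ++label > 63) return false;
    }
    return true;
}

/* Hardened check: validate the whole buffer first, then compare. */
bool safe_domain_matches(const char *host, size_t len, const char *domain) {
    return hostname_is_well_formed(host, len) && domain_matches(host, len, domain);
}

int main(void) { /* exits 0 when the views disagree and the hardened check refuses */
    return layers_disagree(SAMPLE, SAMPLE_LEN, "b.example") &&
           !safe_domain_matches(SAMPLE, SAMPLE_LEN, "b.example") ? 0 : 1;
}
```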

The updates, available now in dozens of languages, also address potential buffer overflow vulnerabilities in the Network Security Services (NSS) code for processing the SSLv2 protocol; XSS and local file access by opening blocked popups; spoofing using custom cursor and CSS3 hotspot; information disclosure through cache collisions; and other improvements to help protect against cross-site scripting attacks.

Mozilla has plans to maintain the previous generation Firefox 1.5 browser until April 24, 2007.




by MacNN Staff
