Mozilla patches 10 Firefox 3.5 vulnerabilities

From InfoWorld: Mozilla on Wednesday patched 10 security vulnerabilities in Firefox 3.5, all but one ranked critical, as it delivered the first update that automatically checks for outdated versions of the popular Flash Player plug-in.

In four separate sets of patches, Firefox 3.5.3 fixed a total of 10 flaws, the majority of them stability issues in the application's browser and JavaScript rendering engines, some of which Mozilla said might be exploitable by hackers.

Four of the seven vulnerabilites outlined in the MFSA 2009-47 advisory produce browser engine crashes, while the other three crash Firefox's new TraceMonkey JavaScript engine. "Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code," the advisory acknowledged, using boilerplate language Mozilla often uses to describe critical bugs.

Mozilla recommended that users disable JavaScript in Firefox if they were unable or unwilling to patch the browser.

View: Article @ Source Site