From InfoWorld: Mozilla yesterday patched 10 bugs in Firefox, half of them critical, in the browser's rendering and JavaScript engines, media and video libraries, and other components. Firefox 3.5.6, the browser's first security update since late October , fixed five flaws rated critical by Mozilla, one tagged as high, three pegged as moderate, and one labeled as a low threat. The five critical vulnerabilities were located in the rendering and JavaScript engines, and in the "liboggplay" and "libtheora" media and video libraries. "Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code," Mozilla said in the advisory that spelled out the rendering and JavaScript engine flaws. Three of the four vulnerabilities outlined in MFSA-2009-065 generate browser crashes, while the last affects the TraceMonkey JavaScript engine that debuted in Firefox 3.5. Mozilla recommended users disable JavaScript in Firefox if they were unable to immediately patch the browser. View: Article @ Source Site |