Holes Fixed in Mozilla Network

Monday, January 2, 2012 @ 01:01 PM gHale


The Mozilla developers have not only given the Firefox browser a faster JavaScript engine with their update to version 9.0 but they have also closed critical security holes in Firefox, Thunderbird and SeaMonkey.

One critical flaw in previous versions of the Firefox browser allows an embedded OGG video element of “extreme” size to cause a crash that can potentially allow an attacker to inject malicious code. However, Mozilla is keeping the specific details of this confidentially disclosed vulnerability under wraps.


Mozilla also closed a hole which allowed attackers to access out-of-bounds memory areas and inject malicious code via specially crafted SVG files. Another critical issue addressed in Firefox 9.0 is a currently unspecified and potentially exploitable crash in the YARR regular expression library. Mozilla also closed other critical memory bugs in 9.0.

Upgrading to Firefox 9.0 addresses these issues and the organization advises all users to upgrade, either using Firefox’s automatic update system or by downloading the latest version.

The vulnerabilities also exist in previous versions of the SeaMonkey “all-in-one Internet suite” and are fixed in the SeaMonkey 2.6 update.

The Thunderbird email client is vulnerable, but only the first vulnerability mentioned is critical. Version 9.0 of Thunderbird will fix the issues but the organization has not released it yet.


