Mozilla Fixes Firefox Holes

Tuesday, November 27, 2012 @ 07:11 PM gHale


Mozilla repaired six critical, nine high and one moderate-impact vulnerabilities with the release of Firefox 17.

The critical flaws, which could allow an attacker to run arbitrary code and install malicious software without any user interaction, include use-after-free, buffer overflow and memory corruption issues identified with the aid of Address Sanitizer.

Other critical security holes include a CSS and HTML injection issue through Style Inspector, miscellaneous memory safety hazards, a buffer overflow when rendering GIF images, and a crash when combining SVG text on path with CSS.

The high-impact vulnerabilities addressed in Firefox 17 were caused by improper security filtering for cross-origin wrappers, installer DLL hijacking, an incorrectly applied evalInSandbox location context, and a memory corruption issue in str_unescape.


