Firefox Update Zaps Code Execution Bugs
Mozilla is shipping a "critical" Firefox update to provide patches for at least 11 security vulnerabilities affecting the open-source browser.
The new Firefox 18.104.22.168 fixes six different security issues-11 documented vulnerabilities-that put Windows users at risk of authentication credentials theft, information disclosure, script execution with elevated privileges, denial-of-service and cross-site request forgery attacks.
Mozilla warned that some of these issues also affect Mozilla Thunderbird prior to 22.214.171.124 and SeaMonkey prior to 1.1.9.
The open-source group also urged Firefox users to pay special attention to MSFA 2008-15, which addresses browser crashes with evidence of memory corruption.
"Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code," the group warned.
The latest update also fixes a problem with the HTTP Referer, a privacy issue with SSL Client Authentication and several bugs in the way "jar:" content is fetched.