Mozilla is shipping a “critical” Firefox update to provide patches for at least 11 security vulnerabilities affecting the open-source browser.
The most serious of the flaws affects the browser’s JavaScript engine and could lead to privilege escalation or arbitrary code execution attacks, Mozilla said in release notes on March 25 that accompanied the Firefox update.
The new Firefox 2.0.0.13 fixes six different security issues (11 documented vulnerabilities) that put Windows users at risk of authentication credentials theft, information disclosure, script execution with elevated privileges, denial-of-service and cross-site request forgery attacks.
Mozilla warned that some of these issues also affect Mozilla Thunderbird prior to 2.0.0.13 and SeaMonkey prior to 1.1.9.
The most serious issue, detailed in MFSA 2008-14, addresses at least three flaws that allow scripts from page content to run with elevated privileges. In certain scenarios, Mozilla has confirmed that malicious code could be executed through XPCNativeWrapper pollution. It has also been proven that Firefox could be forced to run JavaScript code using the wrong principal, leading to universal XSS and arbitrary code execution.
Because Thunderbird shares the browser engine with Firefox, the mail client could be vulnerable if JavaScript is enabled. “This is not the default setting and we strongly discourage users from running JavaScript in mail,” Mozilla said.
The open-source group also urged Firefox users to pay special attention to MFSA 2008-15, which addresses browser crashes with evidence of memory corruption.
“Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code,” the group warned.
“Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript such as large images.”
The latest update also fixes a problem with the HTTP Referer, a privacy issue with SSL Client Authentication and several bugs in the way “jar:” content is fetched.
