Mozilla and Google both patched critical vulnerabilities in their browsers this week.
Of the two, Mozilla plugged the most security holes. The company fixed 11 vulnerabilities in a June 11 update to Firefox. More than half of the bugs were labeled as “critical.” Three of the critical bugs were in the browser’s rendering JavaScript engines and in certain circumstances result in memory corruption that could result in arbitrary code execution, according to the Mozilla advisory.
The other critical patches cover a JavaScript chrome privilege escalation issue, an arbitrary code execution using event listeners attached to an element whose owner document is null and a race condition while accessing the private data of a NPObject JS wrapper class object.
Ranked as “high” is a SSLtampering vulnerability that an active network attacker could use to intercept a CONNECT request and reply with a non-200 response containing malicious code that would be executed within the context of the victim’s requested SSL-protected domain.
On June 9, Google plugged two security holes with the release of Chrome version 2.0172.31. The fixes address two problems in Webkit. The first is a memory corruption issue in Webkit’s handling of recursion in certain DOMevent handlers. If a user visits a malicious Website, hackers could potentially execute code in Google’s Chrome sandbox. There was also an issue in WebKit’s handling of drag events that could lead to the disclosure of data when content is dragged over a malicious Web page.
In addition to the fixes, Mozilla also recently released a preview of Firefox 3.5.