Mozilla and Google both patched critical vulnerabilities in their browsers this week.
Ranked as “high” is a SSLtampering vulnerability that an active network attacker could use to intercept a CONNECT request and reply with a non-200 response containing malicious code that would be executed within the context of the victim’s requested SSL-protected domain.
On June 9, Google plugged two security holes with the release of Chrome version 2.0172.31. The fixes address two problems in Webkit. The first is a memory corruption issue in Webkit’s handling of recursion in certain DOMevent handlers. If a user visits a malicious Website, hackers could potentially execute code in Google’s Chrome sandbox. There was also an issue in WebKit’s handling of drag events that could lead to the disclosure of data when content is dragged over a malicious Web page.
In addition to the fixes, Mozilla also recently released a preview of Firefox 3.5.