Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
Mozilla has issued an updated version of its Firefox web browser to fix 13 vulnerabilities, most of which were labeled "critical."
The update, Firefox 3.6.13 and 3.5.16, fixes 11 critical flaws that could result in a remote attacker installing malicious software on victim machines, according to Mozilla's security advisory. Of the remaining bugs, one was rated “high” in severity, and another “moderate.”
In all, the vulnerabilities could allow an attacker to execute arbitrary code, operate with elevated privileges, or spoof the location bar, according to an advisory posted by the US-CERT.
One of the patches fixes a critical arbitrary code execution bug in Firebug, a popular Firefox website debugging and editing add-on. The flaw was originally fixed in late March and, at the time, Mozilla said it did not affect Firefox 3.6.
The same Mozilla researcher who originally reported the flaw, however, discovered that the initial patch could be circumvented, permitting the execution of arbitrary JavaScript, according to Mozilla's security advisory.
The latest patch addresses both Firefox 3.5 and 3.6.
Other vulnerabilities fixed in the update include several memory safety, buffer and integer overflow, location bar SSL spoofing and cross-site scripting bugs.
Some of the flaws also affect Mozilla's SeaMonkey application suite and the Thunderbird email client. These were fixed in Thunderbird 3.1.7 and 3.0.11 and SeaMonkey 2.0.11.
This article originally appeared at scmagazineus.com
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.