Mozilla patches eight flaws

Mozilla patched eight flaws in its products on Thursday, including "critical" issues in Firefox, Thunderbird and SeaMonkey.

Mozilla patched eight flaws in its products on Thursday, including “critical” issues in Firefox, Thunderbird and SeaMonkey.

Firefox version 2.0.0.8 includes a cumulative fix for bugs leading to crashes and a fix for the way Script object modifies XPCNativeWrappers.

Mozilla disclosed on Thursday that some of the crash-causing issues could eventually be exploited to run arbitrary code on a victimised PC.

Mozilla researcher moz_bug_r_a4 was credited with discovering the other critical flaw, which can be exploited when using the Script object to modify XPCNativeWrappers so that subsequent access by the browser chrome can cause attacker-supplied JavaScript to run.

The distribution also patched a flaw in Firefox for Windows XP with Internet Explorer 7 installed that occurs with a malformed URI. Billy (BK) Rios and Nate Mcfeters were credited with disclosing the flaw.

The fix detects when Windows would mishandle such URIs so that the wrong program does not get launched, according to Mozilla's advisory.

The company also patched a “moderate” flaw in Firefox and SeaMonkey that could allow file stealing through a URI scheme.

Also fixed were moderate flaws in Digest Authentication request splitting and file upload control, as well as low-danger flaws in XUL pages and onUnload Tailgating.

Sign up to our newsletters