Mozilla releases security and stability update for Firefox

Mozilla has released a security and stability update for Firefox 3.x users.

 

Available for Windows, Mac and Linux users as a free download, it fixes four critical vulnerabilities including a JavaScript chrome privilege escalation that would allow scripts from page content to run with elevated privileges.

 

Using this vulnerability, an attacker could cause a chrome privileged object, such as the browser sidebar or the Feed Writer, to interact with web content in such a way that attacker controlled code may be executed with the object's chrome privileges.

 

Another fix is for the arbitrary code execution using event listeners attached to an element whose owner document is null. With this, the owner document of an element can become null after garbage collection.

 

In such cases, event listeners may be executed within the wrong JavaScript context. An attacker could potentially use this vulnerability to have a malicious event handler execute arbitrary JavaScript with chrome privileges.

 

Also a vulnerability that crashes with evidence of memory corruption has been fixed, after some crashes showed evidence of memory corruption under certain circumstances. Mozilla presumed that with enough effort, at least some of these could be exploited to run arbitrary code.

 

Mozilla strongly recommended that all Firefox users upgrade to this latest release.

Sign up to our newsletters