Mozilla patched eight flaws in its products on Thursday, including "critical" issues in Firefox, Thunderbird and SeaMonkey.Mozilla patched eight flaws in its products on Thursday, including “critical” issues in Firefox, Thunderbird and SeaMonkey.
Firefox version 220.127.116.11 includes a cumulative fix for bugs leading to crashes and a fix for the way Script object modifies XPCNativeWrappers.
Mozilla disclosed on Thursday that some of the crash-causing issues could eventually be exploited to run arbitrary code on a victimised PC.
The distribution also patched a flaw in Firefox for Windows XP with Internet Explorer 7 installed that occurs with a malformed URI. Billy (BK) Rios and Nate Mcfeters were credited with disclosing the flaw.
The fix detects when Windows would mishandle such URIs so that the wrong program does not get launched, according to Mozilla's advisory.
The company also patched a “moderate” flaw in Firefox and SeaMonkey that could allow file stealing through a URI scheme.
Also fixed were moderate flaws in Digest Authentication request splitting and file upload control, as well as low-danger flaws in XUL pages and onUnload Tailgating.