Firefox update fixes critical security vulnerabilities

March 26, 2008 – 5:05 AM

The Mozilla project is distributing version 2.0.0.13 of its popular open source Firefox browser. This release fixes several critical vulnerabilities which could be exploited by attackers to inject malicious code or fake page content.

Several of the security vulnerabilities are in the browser’s JavaScript engine. Due to incorrect processing, attackers can execute external code with maximum privileges in the browser and also perform cross-site scripting (MFSA-2008-14 and MFSA-2008-15). Security advisory MFSA-2008-18 describes a vulnerability which allows Java applets to access any port on a local computer. According to the Mozilla security advisory, Sun has integrated a bug fix into the current version of Java Runtime, but the Mozilla programmers have also introduced countermeasures into their new version.

A security vulnerability allows attackers to fake a borderless popup from a background tab using crafted web pages and place it in front of the user’s active tab. This could be used to spoof form elements and phish for information such as login data. Attackers can also circumvent the method used by some websites to protect against cross-site request forgery (CSRF) if server-side protection is based solely on referrer checking, as it is possible to fake the HTTP referrer (MFSA-2008-16). The Mozilla browser may reveal personal data if a user possesses a personal certificate which the browser presents automatically during SSL client authentication. According to security advisory MFSA-2008-17, following the update the browser asks the user before presenting the client certificate when it is requested by a website.
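The CSRF point above, as an added example that is not part of the original article: a server-side check that relies only on the Referer header, next to one that requires a per-session token in the request body. The host name, session id, key handling and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SERVER_KEY = secrets.token_bytes(32)  # per-deployment secret (assumed)
TRUSTED_HOST = "bank.example"         # constructed site name


def referer_only_check(headers):
    """Weak: trusts a header that the advisory says could be faked."""
    return urlsplit(headers.get("Referer", "")).hostname == TRUSTED_HOST


def issue_csrf_token(session_id):
    """Per-session token the site embeds in every form it renders."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def token_check(session_id, form):
    """The request body must carry the token bound to this session."""
    supplied = form.get("csrf_token", "")
    expected = issue_csrf_token(session_id)
    return hmac.compare_digest(supplied.encode(), expected.encode())


def accept_request(session_id, headers, form):
    """Hardened: token is mandatory, Referer is only a secondary signal."""
    if not token_check(session_id, form):
        return False
    return "Referer" not in headers or referer_only_check(headers)


# Constructed sample requests: (headers, form fields).
SESSION = "s-1234"
GENUINE = ({"Referer": "https://bank.example/transfer"},
           {"to": "alice", "csrf_token": issue_csrf_token(SESSION)})
FORGED = ({"Referer": "https://bank.example/transfer"},  # header is faked
          {"to": "mallory"})                             # no token available

if __name__ == "__main__":
    for name, (headers, form) in (("genuine", GENUINE), ("forged", FORGED)):
        print(name, "referer-only:", referer_only_check(headers),
              "token-based:", accept_request(SESSION, headers, form))
```

The forged request passes the Referer-only check but fails the token check, because a cross-site page cannot read the token bound to the victim's session.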

Most of the security vulnerabilities also affect the Thunderbird mail client and the SeaMonkey browser suite. The security advisories refer to Thunderbird version 2.0.0.13 and SeaMonkey 1.1.9, in which these bugs should be fixed. These versions are not yet, however, being distributed automatically. Firefox users should install the update without delay, as the vulnerabilities can be exploited using crafted web pages to inject trojans.

Source: Heise Online
