kanenas.net

Tag: mozilla

Firefox 3.0.9 fixes several security and stability issues

by kanenas.net on Apr.25, 2009, under News, Tech

Firefox 3.0.9 fixes several security and stability issues found in Firefox 3.0.8.

Fixed in Firefox 3.0.9
MFSA 2009-22 Firefox allows Refresh header to redirect to javascript: URIs
MFSA 2009-21 POST data sent to wrong site when saving web page with embedded frame
MFSA 2009-20 Malicious search plugins can inject code into arbitrary sites
MFSA 2009-19 Same-origin violations in XMLHttpRequest and XPCNativeWrapper.toString
MFSA 2009-18 XSS hazard using third-party stylesheets and XBL bindings
MFSA 2009-17 Same-origin violations when Adobe Flash loaded via view-source: scheme
MFSA 2009-16 jar: scheme ignores the content-disposition: header on the inner URI
MFSA 2009-15 URL spoofing with box drawing character
MFSA 2009-14 Crashes with evidence of memory corruption (rv:1.9.0.9)

Download Firefox 3.0.9


Firefox 3.0.8

by kanenas.net on Mar.28, 2009, under News, Tech

What’s New in Firefox 3.0.8

Firefox 3.0.8 fixes two critical security issues found in Firefox 3.0.7:

Mozilla Foundation Security Advisory 2009-13

Title: Arbitrary code execution via XUL tree element
Impact: Critical
Announced: March 27, 2009
Reporter: Nils
Products: Firefox
Fixed in: Firefox 3.0.8

Description

Security researcher Nils reported via TippingPoint’s Zero Day Initiative that the XUL tree method _moveToEdgeShift was in some cases triggering garbage collection routines on objects which were still in use. In such cases, the browser would crash when attempting to access a previously destroyed object and this crash could be used by an attacker to run arbitrary code on a victim’s computer.

This vulnerability was used by the reporter to win the 2009 CanSecWest Pwn2Own contest.
This vulnerability does not affect Firefox 2.

Mozilla Foundation Security Advisory 2009-12

Title: XSL Transformation vulnerability
Impact: Critical
Announced: March 27, 2009
Reporter: Guido Landi, Andre, Michael Rooney, Martin
Products: Firefox
Fixed in: Firefox 3.0.8

Description

Security researcher Guido Landi discovered that an XSL stylesheet could be used to crash the browser during an XSL transformation. An attacker could potentially use this crash to run arbitrary code on a victim’s computer.

This vulnerability was also previously reported as a stability problem by Ubuntu community member Andre. Ubuntu community member Michael Rooney reported Andre’s findings to Mozilla, and Mozilla community member Martin helped reduce Andre’s original testcase and contributed a patch to fix the vulnerability.
