New Firefox release addresses jar XSS Vulnerability

Main Menu

Login

Support Virus.Org

Help support Virus.Org by donating. Donating allows us to keep this site free and pay the running costs of all our services.

RSS 2.0

New Firefox release addresses jar XSS Vulnerability

Written by Editor

Tuesday, 27 November 2007 14:54

The guys over at Mozilla Foundation have pushed out a new release of Firefox, the new 2.0.0.10 release addresses three security issues within the Firefox browser.

All three security fixes are rated as High Risk by Mozilla and it is recommended that users upgrade as soon as possible. The three issues are outlined below:

MFSA 2007-39 Referer-spoofing via window.location race condition
MFSA 2007-38 Memory corruption vulnerabilities (rv:1.8.1.10)
MFSA 2007-37 jar: URI scheme XSS hazard

The issues outlined could be used to execute arbitrary code in the context of the browser user session, in the case of MFSA 2007-38. The other issues could be used to carry out content spoofing and phishing attacks.

It is recommended that Firefox users upgrade to 2.0.0.10 as soon as possible and SeaMonkey users upgrade to 1.1.7 as soon as possible.

Add this page to your favorite Social Bookmarking websites

Last Updated ( Tuesday, 27 November 2007 14:55 )