Main Menu

Login



Support Virus.Org

Help support Virus.Org by donating.
Donating allows us to keep this site free and pay the running costs of all our services.
Bumper Mozilla Firefox Update PDF Print E-mail
Written by Editor   
Thursday, 13 November 2008 09:38
Well it seems this week is general patch week, we've had Microsoft and now Mozilla have released a series of updates for Firefox and the other Mozilla applications.
 
We have two new Firefox versions, 3.0.4 for the Version 3 branch and 2.0.0.18 for the Version 2 branch of Firefox. Across everything Mozilla have produced advisories for the following issues:
  • MFSA 2008-58 Parsing error in E4X default namespace (FF 3 & FF 2)
  • MFSA 2008-57 -moz-binding property bypasses security checks on codebase principals (FF 3 & FF 2)
  • MFSA 2008-56 nsXMLHttpRequest::NotifyEventListeners() same-origin violation (FF 3 & FF 2)
  • MFSA 2008-55 Crash and remote code execution in nsFrameManager (FF 3 & FF 2)
  • MFSA 2008-54 Buffer overflow in http-index-format parser (FF 3 & FF 2)
  • MFSA 2008-53 XSS and JavaScript privilege escalation via session restore (FF 3 & FF 2)
  • MFSA 2008-52 Crashes with evidence of memory corruption (rv:1.9.0.4/1.8.1.18) (FF 3 & FF 2)
  • MFSA 2008-51 file: URIs inherit chrome privileges when opened from chrome (FF 3)
  • MFSA 2008-50 Crash and remote code execution via __proto__ tampering (FF 2)
  • MFSA 2008-49 Arbitrary code execution via Flash Player dynamic module unloading (FF 2)
  • MFSA 2008-48 Image stealing via canvas and HTTP redirect (FF 2)
  • MFSA 2008-47 Information stealing via local shortcut files (FF 3 & FF 2)
Of these MFSA 2008-49, MFSA 2008-50, MFSA 2008-52, MFSA 2008-53, MFSA 2008-54 and MFSA 2008-55 have been rated as Critical issues. There are three high risk issues, these include MFSA 2008-48, MFSA 2008-56 and MFSA 2008-57, then two Moderate risk issues with MFSA 2008-47 and MFSA 2008-51. Finally a Low risk issue in MFSA 2008-58.

As usual it is recommended that you get your versions of Firefox updated as soon as possible, it is important to remember that Firefox 2 support will be ending soon, so take this opportunity to upgrade to Firefox 3. Most of the issues also affect SeaMonkey and Thunderbird too, with SeaMonkey version 1.1.13 being released to address the issues affecting it and version 2.0.0.18 of Thunderbird due to be published to address the issues it is vulnerable to.

Add this page to your favorite Social Bookmarking websites
Digg! Reddit! Del.icio.us! Google! Live! Facebook! Technorati! StumbleUpon! Yahoo!