By Shamly, on July 23rd, 2010
Mozilla started the plugin check program to help users keep their plugins up to date on Firefox. Outdated plugins are a major source of security and stability risk for web users.
By Shamly, on July 22nd, 2010
Mozilla has shipped a mega patch for Firefox to fix a total of 14 moderate to critical security flaws that expose Web surfers to attacks by hackers.
Impact key:
- Critical: Vulnerability can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.
- High: Vulnerability can be used to gather sensitive data from sites in other windows or inject data or code into those sites, requiring no more than normal browsing actions.
- Moderate: Vulnerabilities that would otherwise be High or Critical except they only work in uncommon non-default configurations or require the user to perform complicated and/or unlikely steps.
Below is a list of bugs fixed in the latest release:
- Cross-origin data leakage from script filename in error messages
- Cross-domain data theft using CSS
- Multiple location bar spoofing vulnerabilities
- Characters mapped to U+FFFD in 8 bit encodings cause subsequent character to vanish
- Same-origin bypass using canvas context
- Cross-origin data disclosure via Web Workers and importScripts
- Remote code execution using malformed PNG image
- nsTreeSelection dangling pointer remote code execution vulnerability
- nsCSSValue::Array index integer overflow
- Arbitrary code execution using SJOW and fast native function
- Plugin parameter EnsureCachedAttrParamArrays remote code execution vulnerability
- Use-after-free error in NodeIterator
- DOM attribute cloning remote code execution vulnerability
- Miscellaneous memory safety hazards (rv:1.9.2.7 / 1.9.1.11)