Firefox 3.6.7 fixes critical issues in 3.6.6

Mozilla has shipped a mega patch for Firefox to fix a total of 14 moderate to critical security flaws that expose Web surfers to attacks by hackers.

Impact key:

  • Critical: Vulnerability can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.
  • High: Vulnerability can be used to gather sensitive data from sites in other windows or inject data or code into those sites, requiring no more than normal browsing actions.
  • Moderate: Vulnerabilities that would otherwise be High or Critical except they only work in uncommon non-default configurations or require the user to perform complicated and/or unlikely steps.

Below is a list of bugs fixed in the latest release:

  • Cross-origin data leakage from script filename in error messages
  • Cross-domain data theft using CSS
  • Multiple location bar spoofing vulnerabilities
  • Characters mapped to U+FFFD in 8 bit encodings cause subsequent character to vanish
  • Same-origin bypass using canvas context
  • Cross-origin data disclosure via Web Workers and importScripts
  • Remote code execution using malformed PNG image
  • nsTreeSelection dangling pointer remote code execution vulnerability
  • nsCSSValue::Array index integer overflow
  • Arbitrary code execution using SJOW and fast native function
  • Plugin parameter EnsureCachedAttrParamArrays remote code execution vulnerability
  • Use-after-free error in NodeIterator
  • DOM attribute cloning remote code execution vulnerability
  • Miscellaneous memory safety hazards (rv:1.9.2.7/ 1.9.1.11)
