Security Bytes

Oct 29 2009   12:18PM GMT

Mozilla update repairs Firefox buffer overflow vulnerabilities

Robert Westervelt Robert Westervelt Profile: Robert Westervelt

Repairs fix several critical memory corruption errors and buffer overflow flaws that could cause the browser to crash and leave users vulnerable to attack.

Mozilla issued an update to its popular Firefox browser this week, repairing more than a dozen flaws that could cause the browser to operate erratically and crash or allow remote attackers to target vulnerable users.

The browser maker issued 10 advisories on Tuesday, five critical, fixing memory corruption errors, buffer overflow flaws and an object handling flaw that could enable an attacker to execute malicious code and gain access to sensitive data. Firefox 3.5.4 and 3.0.15 plug 16 holes were addressed in a variety of browser functions.

Mozilla repaired four critical memory corruption errors affecting the browser engine and the JavaScript engine. In its advisory, Mozilla said some of the errors could be targeted by attackers to execute arbitrary code.

The browser maker also updated several third-party libraries used to render media. The corrupted libraries were used by the browser to read Ogg Vorbis encoded media files.

“Some of the bugs discovered could potentially be used by an attacker to crash a victim’s browser and execute arbitrary code on their computer,” Mozilla said.

Other serious flaws were repaired. The Mozilla update fixed a heap-based buffer overflow in Mozilla’s string to floating point number conversion routines; A flaw that could enable an attacker to execute malicious JavaScript code with chrome privileges; and an error in Mozilla’s GIF image parser.

Last month, Mozilla released a new feature it said would help get users to update third-party plugins. The changes came in the release of Firefox 3.5.3 and Firefox 3.0.14.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: