Firefox 3.0.4 closes nine security holes
November 13, 2008 – 9:13 AM

The Mozilla Foundation has released Firefox version 3.0.4 to close nine security holes. The developers rated four of the holes as critical because they allow attackers to execute arbitrary code on the victim’s system. One of the critical holes is a classic buffer overflow that can be triggered via specially crafted server responses.
A flaw in the way the browser restores a session after a program crash can cause Firefox to violate the same-origin policy when executing JavaScript code, which could be exploited to execute the code in the context of a different website. For example, attackers could remotely trigger a crash and the subsequent restart to steal a user’s access data for other web pages.
Two of the critical holes have so far only been observed to cause crashes, but the developers suspect that the flaws can also be exploited to inject and execute code, as they involve memory corruption. A flaw in the same-origin check in the nsXMLHttpRequest::NotifyEventListeners function also allows attackers to execute JavaScript in the context of another page. The developers only rated this security risk as high.
Two additional critical holes were closed in Firefox 2.0.0.18 and SeaMonkey 1.1.13. While both vulnerabilities are caused by memory corruption and mainly lead to program crashes, the developers didn’t rule out that they could be exploited to infect systems. Specially crafted Shockwave and other files could corrupt the Flash player plug-in while leaving the browser with continued access to the now essentially unmapped memory area.
Source:
http://www.heise-online.co.uk/news/Firefox-3-0-4-closes-nine-security-holes–/111952