Mozilla fixes Firefox flaws


Mozilla fixes Firefox flaws

Bill Brenner, Senior News Writer

Mozilla has fixed multiple flaws in Firefox, SeaMonkey and Thunderbird that attackers could exploit to bypass security restrictions, crash machines and run malicious code. The issues do not appear to affect the recently-released Firefox 2.0.

Continue Reading This Article

Enjoy this article as well as all of our content, including E-Guides, news, tips and more.

By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Safe Harbor

According to three advisories Mozilla released Tuesday:

  • Attackers could exploit several unspecified glitches to corrupt system memory, crash machines and possibly run malicious code. Mozilla noted that Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were enabled in mail.

  • RSA digital signatureswith a low exponent could be forged. The flaw was corrected in the Mozilla Network Security Services (NSS) library version 3.11.3 used by Firefox 2.0 and current development versions of Mozilla clients, but Firefox was still vulnerable to attack.

  • Attackers could modify a script object while it is executing and launch malicious JavaScript code as a result.

    The problems are rated critical by Mozilla and are fixed in Firefox, Thunderbird and SeaMonkey 1.0.6.

    The issues do not appear to affect the recently released Firefox 2.0, which included a variety of security tweaks and a new anti-phishing feature.