ID: IRCNE2012021402
Date: 2012-02-13
According to "zdnet", Mozilla has shipped an urgent Firefox security update to fix a vulnerability that exposes web surfers to malicious hacker attacks.
The vulnerability, fixed with the latest Firefox 10.0.1, causes a browser crash that may be exploitable to launch code execution attacks.
Mozilla developers Andrew McCreight and Olli Pettay found that ReadPrototypeBindings will leave a XBL binding in a hash table even when the function fails. If this occurs, when the cycle collector reads this hash table and attempts to do a virtual method on this binding a crash will occur. This crash may be potentially exploitable.
Mozilla rates this a “critical” vulnerability that can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.
The open-source group said Firefox 9 and earlier browser versions are not affected by this vulnerability.
- 2