ID: IRCNE2011081217
Date: 2011-08-17
According to "zdnet", Mozilla has shipped a critical Firefox update to fix at least 10 security vulnerabilities, some serious enough to expose web surfers to drive-by download attacks.
According to an advisory from the open-source group, 8 of the 10 vulnerabilities are rated “critical,” meaning that they can be used to run attacker code and install software.
Mozilla identified and fixed several memory safety bugs in the browser engine used in Firefox 4, Firefox 5 and other Mozilla-based products. Some of these bugs could be exploited to run arbitrary code.
These include a WebGL crash, a JavaScript crash, a crash in the Ogg reader, memory safety issues and unsigned scripts. These all affected Firefox 4 and 5. Firefox 6 is being distributed via the browser’s automatic update mechanism.
- 2