In association with heise online

12 June 2009, 08:33

Firefox 3.0.11 closes critical holes

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The release of Firefox 3.0.11 has eliminated eleven vulnerabilities in 3.0.10, with four of the vulnerabilities classified as critical out of the nine problems listed in the security advisory. One of the critical issues in the advisory actually covers three issues which can at least crash the browser and could allow for arbitrary code to be executed. The developers, to be on the safe side in such cases, classify the set as a critical vulnerability.

The other critical vulnerabilities include a race condition when deleting Java objects, which could allow an attacker to execute code held in the freed memory. The JavaScript event handler in Firefox was found to be vulnerable to arbitrary code execution, allowing an event handler to potentially run with arbitrary JavaScript with local chrome privileges. Another privilege escalation issue allowed attackers to take over chrome objects such that they would run the attackers code as their own, with higher privileges, from a web page.

Classified as "high", an issue with SSL and web proxies could allow an attacker with a malicious proxy to intercept CONNECT requests and respond in such a way that they could execute JavaScript on the victims browser as if it had come from an SSL protected site. The example listed in the Bugzilla report shows how PayPal cookies could be stolen. Interestingly, the hole was discovered by Microsoft at the beginning of the year and passed on to both Mozilla and Google Chrome developers.

SeaMonkey and the Thunderbird mail client are also affected, with the issues resolved in Thunderbird and SeaMonkey 1.1.17; these versions are expected to be released shortly.

In addition to the security fixes, the Firefox developers updated the version of SQLite used within the browser to eliminate errors that could destroy the bookmark database.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit