Firefox Suffers Critical Bugs

[Osiris]

Firefox Suffers Critical Bugs

Although Mozilla has rolled out a patch on Wednesday to fix five flaws, three of which were classified as critical, a "highly critical" flaw in Firefox still remains.

The five flaws addressed by Mozilla included three the company rated 'critical'. These three flaws involve an error in handling out-of-memory conditions; stability errors in the Gecko rendering engine; and a bug in the way Mozilla's implementation of web workers handles posted messages, Mozilla said. Web workers are used to carry out scripting tasks in a way that reduces the processing load on the user interface.
​

 

[Trotter]

Separately, Secunia on Thursday reported an unpatched bug in Firefox 3.6, the most recent version of the browser. The security research firm warned that the software contains a bug that could be used to execute malicious code on a user's system.

Definitely something Mozilla will be addressing SAP.

The five mentioned are in the 3.5 and 3.0 versions, not the latest (3.6).

 

[Osiris]

Highly Critical Firefox 3.6 Vulnerability

Reports about an unpatched security vulnerability in Firefox 3.6 that has been in existence since the beginning of February have been released on the Internet. Not a lot of information are known about the security vulnerability other than it has been successfully used to exploit Firefox 3.6 on Windows XP SP3 and Windows Vista with the likelihood that other operating systems and Firefox releases are also affected by the vulnerability.
The few facts that are know are the following: The vulnerability is a remote code exection vulnerability that can be used by malicious users to comprise the operating system.

 

[Trotter]

I wonder if NoScript blocks it? Well, NoScript wouldn't help if you gave the site permission, or it was implemented on a site that already had permission.

Same thing with Flashblock, for if the user clicks and gives permission it would be rendered useless.