Firefox gets security updates

By | December 21, 2006

Mozilla has released a set of updates for its Firefox web browser and for two other software packages: Thunderbird email client and SeaMonkey, a suite of programs that includes a chat program and a web site creation tool.

The updates fix a number of critical security vulnerabilities, including: XSS using outer window’s function object; RSS feed-preview referrer leak; Mozilla SVG processing remote code execution; XSS by setting im.src to javascript: URI; LiveConnect crash finalizing JS objects; Privilege escalation using watch point; CSS cursor image buffer overflow; Crashes with evidence of memory corruption.

“As part of the Firefox 2.0.0.1 and 1.5.0.9 update releases we fixed several bugs to improve the stability of the product. Some of these were crashes that showed evidence of memory corruption and we presume that at least some of these could be exploited to run arbitrary code with enough effort,” said Mozilla in a statement.

Firefox users get notified through automatic updates. Users, who have not authorized automatic updates, can download the updates here.

Leave a Reply