Mozilla Firefox Vulnerabilities
Today’s security topic was easy to miss over the busy weekend, so I decided to shed some light on things here, the Tuesday after the big holiday break.
The Mozilla Foundation surely has been having a wonderful holiday. I expect that with 10 new vulnerabilities, they could be having nothing else. These new risks affect not only their popular Internet browser, Firefox, but also Thunderbird (the POP3 e-mail client) and SeaMonkey (an all-in-one Internet suite).
| Vulnerability | Description |
|---|---|
| XSS Using Outer Window’s Function Object | This is an exploit that could possibly be used to steal a user’s credentials, utilizing cross-site scripting. |
| RSS Feed Preview Referrer Leak | The new “Feed Preview” feature in Firefox 2.0 can potentially let Web-based feeds be informed of your surfing habits. (Does not affect Firefox 2.0). |
| Mozilla SVG Processing Remote Code Execution | Specially created documents can cause a crash due to memory corruption that can then be exploited to run arbitrary code. |
| CSS Cursor Image Buffer Overflow | A miscalculated size during conversion of cursor size can cause a heap buffer overflow, which then can be used to compromise the victim’s PC. |
| Crashes With Evidence of Memory Corruption | These crashes showed evidence of memory corruption, which could possibly be used to run arbitrary code on a user’s computer. |
Other than that, make sure that all your Mozilla programs are updated and you should be fine. If you are unsure whether all your Mozilla software is up to date, you can always use the Secunia Software Inspector to check your software versions. It comes complete with links and recommendations.
The Secunia Software Inspector is a great online service that scans your system and creates a list of not only the operating system patch version, but other installed software versions as well. In other words, you can go out to Secunia’s Web site and go through each scan process to find out if any of your software needs to be updated and where you can go to do so.
That is a great service. I would even recommend putting this little fellow in your bookmarks and running it as part of your regular security maintenance.
So, go out to Secunia, run the Software Inspector, carefully look through the results of the scan, see what you need updated and follow the links the service provides to perform the necessary updates.
Until next week, stay safe out there!
~ Chad Stelnicki