Mozilla scrambled to release Firefox 2.0.0.16 and Firefox 3.0.1 updates in a bid to decrease the possibility of a full-on attack by hackers against the open source browser users.
The updates will address critical flaws present in both version; the first one, MFSA 2008-34, was reported by security firm Tipping Point during its Zero Day Initiative and could result in the attacker being able to execute code on the victim's computer by crashing Firefox.
The vulnerability also affects Mozilla Thunderbird Email applications as well where Javascript is used for reading emails.
The second issue came to light thanks to Billy Rios and allows the attacker to bypass a previous fix by using carefully crafted a command-line URI with pipe symbols.
This opens multiple tabs and could trigger files in locations on the targeted computer to execute. This attack only works if Firefox is not already working.
Rios went on to demonstrate the "Safari Carpet Bombing Vulnerability".
The Firefox 3.0.1 update also fixes a common printing error and closes a Mac OS X only flaw which allowed remote code to be executed through a specially crafted GIF file.
Have you read these related articles?
Newsletter:
