Mozilla has shipped a mega patch for Firefox to fix a total of 14 moderate to critical security flaws that expose Web surfers to attacks by hackers.
Impact key:
- Critical: Vulnerability can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.
- High: Vulnerability can be used to gather sensitive data from sites in other windows or inject data or code into those sites, requiring no more than normal browsing actions.
- Moderate: Vulnerabilities that would otherwise be High or Critical except they only work in uncommon non-default configurations or require the user to perform complicated and/or unlikely steps.
Below is a list of bugs fixed in the latest release:
- Cross-origin data leakage from script filename in error messages
- Cross-domain data theft using CSS
- Multiple location bar spoofing vulnerabilities
- Characters mapped to U+FFFD in 8 bit encodings cause subsequent character to vanish
- Same-origin bypass using canvas context
- Cross-origin data disclosure via Web Workers and importScripts
- Remote code execution using malformed PNG image
- nsTreeSelection dangling pointer remote code execution vulnerability
- nsCSSValue::Array index integer overflow
- Arbitrary code execution using SJOW and fast native function
- Plugin parameter EnsureCachedAttrParamArrays remote code execution vulnerability
- Use-after-free error in NodeIterator
- DOM attribute cloning remote code execution vulnerability
- Miscellaneous memory safety hazards (rv:1.9.2.7/ 1.9.1.11)
[…] Update: A new version has been released which fixes several critical bugs that were present in version 3.6.6. All users are advised to update their browser to the latest version. Click here to read more about the update […]
I found your guide on google and I need to admit it is fantastic. I’ve acquired a website too, and I’m generating critiques of a wonderful produtc, Muscle Warfare, which helps you developing yous muscles much faster with normal elements. Pay a visit to my web site and have a appear.