[ insider_reports_insider ]
Mozilla Patches Firefox 3
David Utter
Staff Writer
2008-07-17
 Insider Reports RSS Feed
A fix for a vulnerability reported a few hours after the Firefox 3 Download Day opened began arriving on people's computers.
 | | Mozilla Patches Firefox 3 |  |
Last month's effort by Mozilla to set a world's record for most downloads in a 24-hour period received a damper from a security researcher. About five hours after the start of the event, TippingPoint revealed a flaw in Firefox 3 had been reported to them and shared with Mozilla's engineers.
Mozilla revealed some additional information about the issue reported by TippingPoint, which acquired the vulnerability from its discoverer and passed it to the Firefox team. A remote code execution situation could have resulted if the flaw were exploited.
Mozilla said the vulnerability had to do with Mozilla's internal CSSValue array data structure. Too many references to a CSS object would create an overflow condition in the browser.
When the browser crashed from this, the attacker may have been able to run code on the targeted machine.
Mozilla also warned the Thunderbird mail client, which shares an engine with Firefox, could be vulnerable if JavaScript is enabled; by default JavaScript is not enabled in Thunderbird. They reasonably recommend not enabling JavaScript in the mail client in order to mitigate emailed threats.
View All Articles by David Utter
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.
More insider_reports_insider Articles
Insider Reports RSS Feed
|
|
