Mozilla patches three Firefox security vulnerabilities

Mozilla on Monday released Firefox version 2.0.0.10. The update addresses three high-impact security vulnerabilities. Two concern cross-site request forgeries, which can be used to steal personal information while visiting certain sites, and one concerns memory corruption.

The update is being pushed out to all current Firefox users. New users can download the current Firefox release from the Mozilla site (or download the English versions for Windows or Mac from CNET Download.com).

The first cross-site request forgery vulnerability could allow an attacker to generate a fake HTTP referer header by exploiting a timing condition when setting the window location property.

Mozilla says the referer header is supposed to reflect the address of the content that initiated the script. "Instead, the referer was set to the address of the window (or frame) in which the script was running, and this vulnerability arises from that tiny difference." It credits Gregory Fleischer with reporting the issue.

The second cross-site request forgery vulnerability concerns the JAR ZIP format, which enables Web sites to load pages packaged in ZIP archives containing signatures in Java archive format.

According to Mozilla, a Beford.org blogger noted that redirects confused Mozilla browsers about the true source of the JAR content: it was "wrongly considered to originate with the redirecting site rather than the actual source. This meant that an XSS attack could be mounted against any site with an open redirect, even if it didn't allow uploads."

A proof of concept demonstrates how to exploit this vulnerability to steal a user's Gmail contact list. Mozilla credits security researchers Jesse Ruderman and Petko D. Petkov with reporting the issue.

The final update concerns memory corruption, and Mozilla says there are three specific fixes that improve the stability of Firefox. The concern here is that with enough effort, some of these memory crashes could be exploited to run arbitrary code.

[KTLA_knew]

I have an idea...

Why don't we NOT turn this into some kind of "told you so" or "look how great the many eyes theory works" or "M$ $ux" or any of that?

Just a thought...

[ittesi259]

Fine......

Isn't it great how a company actively response to security issues in a browser....how nice and refreshing. All while still working on the new version. Now if they would just fix the memory leaks and reduce any unintentional bloating would be nice :) Its great so many eyes (oops) help make that happen unlike M$(oops agan).

You forgot to tell the Apple fanboys they couldn't respond with their opinions too....what happened to equal and consistent stupid comments

[KTLA_knew]

I have an idea...

Why don't we NOT turn this into some kind of "told you so" or "look how great the many eyes theory works" or "M$ $ux" or any of that?

Just a thought...

[ittesi259]

Fine......

Isn't it great how a company actively response to security issues in a browser....how nice and refreshing. All while still working on the new version. Now if they would just fix the memory leaks and reduce any unintentional bloating would be nice :) Its great so many eyes (oops) help make that happen unlike M$(oops agan).

You forgot to tell the Apple fanboys they couldn't respond with their opinions too....what happened to equal and consistent stupid comments

[ejevo]

** CRASH **

How about fixing the crashing that FF seems to do on a regular basis since 2.0.0.7? Then I'd be impressed.

[ejevo]

** CRASH **

How about fixing the crashing that FF seems to do on a regular basis since 2.0.0.7? Then I'd be impressed.

[loseruser]

firefox wrote nothing about vulnerablies in the 20.20 version because no vulnerablies presentable or why?
<a href="http://www.Free-Web-Proxy.de/firefox.php" >firefox 2.0.0.20 vulnerablies</a>