Firefox Update Squashes Nine Security Bugs
Mozilla repaired a slew of bugs Wednesday in a comprehensive Firefox update totaling nine fixes, five of which are deemed critical. Altogether, the latest version, Firefox 3.6.11, addresses five flaws that enable hackers to launch attacks against users' systems remotely, as well as two errors that carry the slightly less severe rating of "high" and one that is considered "moderate." The update is available for Windows, Mac OS X and Linux environments.
Specifically, the latest Firefox update repaired two memory corruption errors that could potentially be used by hackers to execute arbitrary code. One of the fixes addressed a buffer overflow and memory corruption flaw that could be triggered by passing an excessively long string to document.write. The other was a comprehensive fix for what Mozilla termed "several miscellaneous memory safety hazards."
Firefox 3.6.11 also patched a critical library loading vulnerability. Researchers found that a library loading function used for external libraries on Windows was vulnerable to binary code attacks if an attacker were to place a similarly named executable -- a malicious shared library with the same name -- in the current working directory or any other location that Windows searches for executables. The attacker could then load their own malicious library by replacing the legitimate file.
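The library loading issue described above comes down to which directory wins the search for a given file name. The following is an added example, not code from the article or from Mozilla: a small auditing sketch that resolves a library name against an ordered list of search directories and reports same-named files in untrusted locations that would be found before the legitimate copy. The directory layout, the file name example.dll and both search orders are constructed for illustration and are simplified stand-ins for the real Windows search order.

```python
import os
import tempfile

def resolve_library(name, search_dirs):
    """Return the first same-named file in search order (case-insensitive, as on Windows)."""
    for d in search_dirs:
        if os.path.isdir(d):
            for entry in sorted(os.listdir(d)):
                if entry.lower() == name.lower():
                    return os.path.join(d, entry)
    return None

def audit_load(name, search_dirs, trusted_dirs):
    """Return (path that would load, same-named files in untrusted dirs searched before any trusted copy)."""
    trusted = {os.path.realpath(d) for d in trusted_dirs}
    untrusted_hits = []
    for d in search_dirs:
        hit = resolve_library(name, [d])
        if hit is None:
            continue
        if os.path.realpath(d) in trusted:
            break  # a trusted copy wins from here on
        untrusted_hits.append(hit)
    return resolve_library(name, search_dirs), untrusted_hits

def demo():
    """Build a constructed directory layout and compare two search orders."""
    with tempfile.TemporaryDirectory() as root:
        app, system, cwd = (os.path.join(root, n) for n in ("app", "system", "cwd"))
        for d in (app, system, cwd):
            os.mkdir(d)
        open(os.path.join(system, "example.dll"), "w").close()  # legitimate copy
        open(os.path.join(cwd, "EXAMPLE.DLL"), "w").close()     # same-named file in the working directory
        orders = {
            "cwd_searched_first": [app, cwd, system],  # working directory ahead of the system directory
            "cwd_removed": [app, system],              # working directory dropped from the search
        }
        report = {}
        for label, dirs in orders.items():
            loaded, hits = audit_load("example.dll", dirs, trusted_dirs=[app, system])
            report[label] = (os.path.basename(os.path.dirname(loaded)), len(hits))
        return report

if __name__ == "__main__":
    for label, (source_dir, shadow_count) in demo().items():
        print(f"{label}: loaded from {source_dir!r}, untrusted shadow copies: {shadow_count}")
```

On Windows, an application can take the working directory out of the default search by calling SetDllDirectory with an empty string, or avoid the search entirely by loading libraries from a fully qualified path.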