Mozilla Updates Firefox for Security, Ends 3.0.x Branch

Mozilla issues multiple security advisories as it works to lock down the popular open source Web browser.

Mozilla is out this week with Firefox 3.5.9 and 3.0.19 updates, fixing multiple security vulnerabilities in the open source Web browser's two branches, while announcing that the older of the two branches is being phased out.

As part of the update, Mozilla also issued new advisories on problems that also impact Firefox 3.6.2 browser, which it released last week, in addition to the 3.5.x and 3.0.x browsers.

With the 3.0.19 update, Mozilla is pledging to end the 3.0.x branch, which first debuted in June 2008.

"This is the last planned security and stability release for Firefox 3.0," said Christian Legnitto, Mozilla's new release driver for security and stability releases. Legnitto joined Mozilla earlier this month after a previous stint working at Apple, where he worked on stability and security releases for Mac OS X.

Among the fixes in the Firefox 3.5.9 and 3.0.19 updates are five that Mozilla identifies as being "critical," four of which it also fixed in Firefox 3.6. At the time of the Firefox 3.6.2 release, Mozilla only issued one advisory for an issue that had affected only that particular browser.

For all three browsers, the updates include a fix for crashes with evidence of memory corruption, a commonly fixed item in Firefox releases.

Also being addressed in two of the branch updates is a remote code execution issue, whereby XUL item memory is still being used even after it is freed by the browser. The XUL tree item issue does not affect the Firefox 3.6 browser.

"Security researcher 'regenrecht' reported via TippingPoint's Zero Day Initiative that a select event handler for XUL tree items could be called after the tree item was deleted," Mozilla stated in its advisory. "This results in the execution of previously freed memory which an attacker could use to crash a victim's browser and run arbitrary code on the victim's computer."

There are also fixes for a pair of dangling pointer vulnerabilities, which occur when a pointer is left alive when it was supposed to be closed by the browser. The flaws could potentially have enabled an attacker to execute arbitrary code.

Lastly, Mozilla is providing a fix for a privilege escalation issue in the browser.

"Security researcher Paul Stone reported that a browser applet could be used to turn a simple mouse click into a drag-and-drop action, potentially resulting in the unintended loading of resources in a user's browser," Mozilla stated in its advisory. "This behavior could be used twice in succession to first load a privileged chrome: URL in a victim's browser, then load a malicious JavaScript: URL on top of the same document, resulting in arbitrary script execution with chrome privileges."

Locking down new Web browser threats

Mozilla is now also working on a number of other security fixes including one that potentially exists in every major browser currently shipping. All major browsers include a CSS mechanism that shows a different color for a visited link, and which could potentially lead to users history information being stolen. An upcoming version of Firefox will provide a fix for the issue.

"We have to be realistic, though: there are many ways all browsers leak information about you, and fixing CSS history sniffing will not block all of these leaks" Mozilla wrote in a blog post. "But we believe it’s important to stop the scariest, most effective history attacks any way we can since it will be a big win for users' privacy."

Sean Michael Kerner is a senior editor at InternetNews.com, the news service of Internet.com, the network for technology professionals.




Tags: open source, Firefox, browser, Mozilla, browser security


0 Comments (click to add your comment)
Comment and Contribute

 


(Maximum characters: 1200). You have characters left.