Firefox 3.6.7 plugs 14 security holes

Posted on Wednesday, July 21 2010 @ 21:18 CEST by Thomas De Maesschalck
Mozilla rolled out Firefox 3.6.7, this new release plugs a total of 14 security holes, including eight marked as critical.

Bugs fixed:
  • MFSA 2010-47 Cross-origin data leakage from script filename in error messages
  • MFSA 2010-46 Cross-domain data theft using CSS
  • MFSA 2010-45 Multiple location bar spoofing vulnerabilities
  • MFSA 2010-44 Characters mapped to U+FFFD in 8 bit encodings cause subsequent character to vanish
  • MFSA 2010-43 Same-origin bypass using canvas context
  • MFSA 2010-42 Cross-origin data disclosure via Web Workers and importScripts
  • MFSA 2010-41 Remote code execution using malformed PNG image
  • MFSA 2010-40 nsTreeSelection dangling pointer remote code execution vulnerability
  • MFSA 2010-39 nsCSSValue::Array index integer overflow
  • MFSA 2010-38 Arbitrary code execution using SJOW and fast native function
  • MFSA 2010-37 Plugin parameter EnsureCachedAttrParamArrays remote code execution vulnerability
  • MFSA 2010-36 Use-after-free error in NodeIterator
  • MFSA 2010-35 DOM attribute cloning remote code execution vulnerability MFSA 2010-34 Miscellaneous memory safety hazards (rv:1.9.2.7/ 1.9.1.11)

    • About the Author

    Thomas De Maesschalck

    Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.


    Loading Comments

    Share this story!

    Latest news

    Latest reviews