Released in today's Aurora update (download for Windows | Mac | Linux), the benefit of the built-in channel changer is that users who want to see what's coming in future versions of Firefox can now do so without having to download a separate installer.
Just a few weeks after the first release of Firefox Aurora, Mozilla's "developer's" build of Firefox, the browser maker debuted a switch that lets users switch on the fly among Aurora, Beta, and Release versions of the browser. Users can access the Firefox update directly from the Mozilla site.Firefox Aurora now comes with a built-in channel changer to switch between releases without having to download a separate installer.
An attacker could create a file or directory on a Gopher server with the encoded script, which would then run in a victim's browser within the site context.Īdditionally, the update addressed a cross-site information disclosure glitch, also given the severity ranking of "high" as well as a SSL wildcard certificate bug ranked "moderate," and an "insecure Diffi-Hellman key exchange, given a "low" severity ranking. Next: Mozilla Addresses Less Critical FlawsĪnother fix repaired vulnerabilities designated with the slightly less severe rating of "high" included a cross-site scripting flaw in the gopher parser allowing hackers to exploit text to HTML tags by converting the text into executable JavaScript. In addition, the update fixed a critical dangling pointer vulnerability in LookupGetterOr Setter, as well as a use-after-free error in nsBarProp. The attacker could then load their own malicious library by replacing the legitimate file.
Researchers found that a library loading function used for external libraries on Windows was vulnerable to binary code attacks if an attacker were to place a similarly named executable - a malicious shared library with the same name - in the current working directory or any other location that Windows searches for executables. The other update entailed a comprehensive fix for Mozilla termed as "several miscellaneous memory safety hazards."įirefox 3.6.11 also patched a critical library loading vulnerability. One of the fixes addressed a buffer overflow and memory corruption flaw that could occur by passing an excessively long string to document.write. Specifically, the latest Firefox update repaired two memory corruption errors that could potentially be used by hackers to execute arbitrary code. Mozilla repaired a slew of bugs Wednesday in a comprehensive Firefox update totaling nine fixes, five of which are deemed critical.Īltogether, the latest version, Firefox 3.6.11, addresses five flaws that enable hackers to launch malicious attacks onto users' systems remotely, as well as two errors that carry the slightly less severe rating of "high" and one that is considered "moderate." The update runs across Windows, Mac OS X and Linux environments.
0 kommentar(er)
