Firefox 3.0.7 fixes multiple security flaws

"Mozilla Corp. today patched eight security
vulnerabilities in Firefox, half of them critical memory corruption
flaws in the browser's layout and JavaScript engines.

Firefox 3.0.7, the second security update this year to the open-source
browser, fixes about the same number of bugs that Mozilla patched a month ago.

Of the eight vulnerabilities, six were rated "critical," one "high" and
one "low" in Mozilla's four-step ranking system. The six critical bugs
are in Firefox's garbage collection routine, in the PNG libraries used
by the browser, and in the layout and JavaScript engines.

Mozilla was uncertain whether the four vulnerabilities patched in the layout
and JavaScript engines could be exploited, but assumed as much. "Some
of these crashes showed evidence of memory corruption under certain
circumstances and we presume that with enough effort at least some of
these could be exploited to run arbitrary code," the accompanying advisory read."

Read more: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9128986