Critical security fixes arrive for Firefox 2 and 3

New updates to Firefox 2 and 3 include security patches for critical flaws that could expose users to remote code execution. The Firefox 3 update also includes bug fixes for stability and other issues.

Firefox 2.0.0.16 addresses two critical issues. The first could lead to remote code execution: creating a very large number of references to a CSS object causes a variable to overflow.

This flaw was reported to Mozilla by TippingPoint's Zero Day Initiative, which pays security researchers for new vulnerabilities and then reveals the details to the vendor concerned under self-imposed 'responsible disclosure' guidelines.

The other issue provides a way of partially bypassing a previous Firefox patch. Passing a command-line URI containing "|" symbols caused Firefox to open multiple tabs, which could be used to launch chrome: URIs from the command line. This is undesirable because, for security reasons, chrome is not supposed to be opened by applications.

Another Internet-connected application could use this technique to cause Firefox to open files stored in known or guessable locations, for instance files that had been downloaded by a Safari 'carpet bombing' attack.

These attacks can only work if Firefox is not already running.
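
A simplified model of why a check applied to a command-line argument before it is split on "|" leaves a gap, and of the corrected order of operations. This is an added example, not Firefox code and not part of the original article; the function names, the blocked-scheme policy and the sample URIs are assumptions, as is the premise that the earlier check inspected the argument as a whole.

```javascript
// Illustrative model only: not Firefox source. All names are hypothetical.
// Assumed policy: external callers may not open chrome: URIs.
const BLOCKED_SCHEMES = new Set(["chrome"]);

// Return the lowercase scheme of a URI string, or null if it has none.
function schemeOf(uri) {
  const m = /^\s*([a-z][a-z0-9+.-]*):/i.exec(uri);
  return m ? m[1].toLowerCase() : null;
}

// Flawed order: the policy check sees the whole argument, then the argument
// is split on "|" into one tab per piece. Only the first piece was checked.
function tabsCheckedBeforeSplit(arg) {
  if (BLOCKED_SCHEMES.has(schemeOf(arg))) return [];
  return arg.split("|");
}

// Corrected order: split first, then apply the policy to every piece and
// reject the whole argument if any piece is disallowed or has no scheme.
function tabsCheckedAfterSplit(arg) {
  const parts = arg.split("|").map((p) => p.trim()).filter((p) => p.length > 0);
  const ok = parts.every((p) => {
    const s = schemeOf(p);
    return s !== null && !BLOCKED_SCHEMES.has(s);
  });
  return ok ? parts : [];
}

// Constructed sample arguments (not taken from the advisory).
const SAMPLES = [
  "https://example.org/",
  "https://example.org/|chrome://example/content/page.xul",
  "chrome://example/content/page.xul",
];

// Run both handlers over the samples so the difference is visible side by side.
function compare(samples) {
  return samples.map((arg) => ({
    arg,
    before: tabsCheckedBeforeSplit(arg),
    after: tabsCheckedAfterSplit(arg),
  }));
}

console.log(JSON.stringify(compare(SAMPLES), null, 2));
```
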

Firefox 3 flaws fixed by the 3.0.1 update cover the pair described above, plus a Mac OS X-specific issue whereby rendering a maliciously crafted GIF file causes a crash and potential arbitrary code execution.
