Some vulnerabilities have been reported in Mozilla Firefox by Mozilla Developer and Community, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, or to compromise a vulnerable system. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.
Secunia Research has discovered a vulnerability in Firefox, which can be exploited by malicious people to potentially compromise a user’s system.

The vulnerability is caused due to a race condition when accessing the private data of an NPObject JS wrapper class object if navigating away from a web page while loading a Java applet. This can be exploited via a specially crafted web page to use already freed memory. Successful exploitation may allow execution of arbitrary code.

One of the security hole is reported SSL spoofing using IDN characters that appear like spaces on Windows (invisible). This vulnerabilty has been fix, see detail this information at bugzilla.mozilla.org.

Other bug was reported by Gregory Fleischer that this vulnerability can load local resources or file via the file: protocol with any domain’s cookies which have been saved on a user’s machine. Successful exploitation requires that a victim downloads a specially crafted document, and opens a local file before opening the malicious document in the same browser window.

Mozilla Developer has been fix all vulnerabilties  and way that is wise to update the browser that we use with current released. Mozilla was released with current release : Mozilla Firefox v3.o.11 and available to download at Mozilla.org/firefox.

Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Netvouz
  • DZone
  • ThisNext
  • MisterWong
  • Wists
  • Slashdot
  • Technorati
  • YahooMyWeb