nsane.forums Posted February 12, 2012 Share Posted February 12, 2012 Mozilla rates this a “critical” vulnerability that can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.Mozilla has shipped an urgent Firefox security update to fix a vulnerability that exposes web surfers to malicious hacker attacks.The vulnerability, fixed with the latest Firefox 10.0.1, causes a browser crash that may be exploitable to launch code execution attacks.From Mozilla’s advisory:Mozilla developers Andrew McCreight and Olli Pettay found that ReadPrototypeBindings will leave a XBL binding in a hash table even when the function fails. If this occurs, when the cycle collector reads this hash table and attempts to do a virtual method on this binding a crash will occur. This crash may be potentially exploitable.Mozilla rates this a “critical” vulnerability that can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.The open-source group said Firefox 9 and earlier browser versions are not affected by this vulnerability. View: Original Article Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.