Mozilla Firefox 3.0.9 fixes XSS flaws
Mozilla is out with Firefox 3.0.9 today, fixing at least one critical set of vulnerabilities and issuing 9 security advisories in total.
The one critical security issue is another 'Crashes with evidence of memory corruption' advisory, which nearly every Firefox update of the past three years has included. More interestingly, Firefox 3.0.9 includes several fixes related to XSS (cross site scripting) related flaws.
One of the XSS risks patched in the update, deals withsame-origin violations in XMLHttpRequest (XHR). XHR requests are the lifeblood of AJAX communications and though Mozilla has only labelled this issue as being 'High', in my view it's the most serious issue fixed in 3.0.9. Mozilla's advisory on the issue notes that, " An attacker could use this vulnerability to execute arbitrary
There is also a same origin violation (in my view this is still XSS) with how Mozilla handles Adobe Flash. According to Mozilla's advisory on Flash handling flaw,"The Flash file can bypass restrictions imposed by the
crossdomain.xml mechanism and initiate HTTP requests to arbitrary
third-party sites. This vulnerability could be used by an attacker
to perform CSRF attacks against these sites."
Again Mozilla has only labelled the Flash issue as being 'High', but I see it as critical. Perhaps even more serious in my layperson's view is this is a flaw that stem from a third party plug-in (Flash) but affect Mozilla. It underscores the importance of proper boundary checking for plug-ins(think QuickTime too), which really could represent the greatest threats to browsers in general.