Mozilla is out with its first Firefox update of 2009. Firefox 3.0.6 fixes at least six vulnerabilities, with only one tagged by Mozilla as being critical.
The on critical bug is a crash with evidence of memory corruption issue, which is something that I see in nearly every Firefox update. Mozilla doesn’t provide a great deal of detail in its advisory on the issue – but that’s a good thing since in this case the only purpose it would likely serve is for someone to reverse engineer and attack.
Firefox 3.0.6 also plugs a Cross Site Scripting (XSS) issue whereby the JavaScript could be executed within
the context of another website, violating the same origin policy.
Perhaps more troubling to me is an issue only rated as ‘High’ by Mozilla for a Local File stealing issue related to the SessionStore function. According to Mozilla’s advisory:
“An attacker could set an input control’s text value to the
path of a local file whose location was known to the attacker. If the tab
was then closed and the victim persuaded to re-open it, upon restoring the
tab the attacker could use this vulnerability to change the input type to
file
. Scripts in the page could then automatically submit
the form and steal the contents of the user’s local file.”
Then there is a fix for a fix (Mozilla tends to have a few of these in any year — hey it happens). Firefox 3.0.4 fixed that could have enabled an attacker to steal user information from local shortcut files.Apparently the flaw fix could be bypassed according to Mozilla so they’ve updated the fix to further mitigate risk.