Mozilla has updated its flagship Firefox browser to version 1.5.0.4 and, in the process, fixed no fewer than 12 flaws.
Five of the vulnerabilities are classified by Mozilla as “critical” and two are rated as “high.”
Among the “critical” vulnerabilities is “Mozilla Foundation Security Advisory 2006-32,” which fixes a potential memory corruption vulnerability.
“Mozilla team members discovered several crashes during testing of the browser engine showing evidence of memory corruption that we presume is exploitable,” the Mozilla advisory said.
Firefox 1.5.0.4 also plugs a critical privilege escalation flaw that could have been exploited via persisted XUL attributes associated with an incorrect URL.
Mozilla Foundation Security Advisory 2006-37, titled “Remote compromise via content-defined setter on object prototypes,” is also labeled “critical.”

Mozilla’s advisories on the potential XUL vulnerability and the object prototypes flaw, along with a few other items, were among the 12 publicly reported vulnerabilities, but further details were hard to come by as of press time. The reason? “Exploit details withheld until sufficient users upgrade to a fixed version,” Mozilla’s advisories said.

However, at least one of the vulnerabilities that Mozilla rated as “high” came with more detail. Mozilla Foundation Security Advisory 2006-33, titled “HTTP response smuggling,” explains how Firefox could be fooled by a malicious proxy server’s response to a page request. “The content of that response could be a Web page that could steal login cookies or other sensitive data if the user has an account at the victim site,” Mozilla’s advisory continued.

Firefox 1.5.0.4 also fixes a vulnerability that was supposed to have been fixed in the 1.5.0.2 update, released in mid-April of this year. Mozilla Foundation Security Advisory 2006-41 is an update to MFSA 2006-23, titled “File stealing by changing input type.” According to the original advisory, that flaw could allow a malicious Web site operator to steal any local file on a user’s PC, as long as the operator could guess the user’s user name. The attack vector was a pre-filled text input box that could then be turned into a file upload control. However, the fix that Mozilla introduced did not completely address the issue. “In Firefox 1.5.0.2, it is still possible to pre-fill a text input control with the path to a file at a known location and then change the type of the input control to a file upload control without having the value reset as intended,” Mozilla’s advisory said.

The 1.5.0.4 release is the fourth point upgrade for Firefox this year. Version 1.5.0.1 was released in February, 1.5.0.2 in April and 1.5.0.3 at the beginning of May. Mozilla’s next-generation Firefox 2.0 is now at Alpha 3 and is expected to reach full release later this year.