Mozilla Patches 8 Critical, 1 High Risk And 1 Moderate Risk Vulnerabilities

By Author: eccuni
Total Articles: 211
Comment this article

Recently, Mozilla released patch for 10 vulnerabilities. The addressed vulnerabilities pertain to Firefox 3.6.14, 3.5.17 and Thunderbird 3.1.8. The developer has rated 8 out of the 10 vulnerabilities as critical. Out of the remaining two, Mozilla has rated one as high and the other as moderate risk security flaw.

The vulnerabilities are associated with JPEG image, plugins and 307 redirects, text run construction, web workers, JavaScript atom map, JavaScript upvarMap and JSON.stringify. The security update also addresses numerous memory safety bugs associated with Firefox 3.6 and 3.5, which cause memory corruption. Attackers could exploit the bug to run arbitrary code. Security professionals at Mozilla also patched a security flaw caused by ParanoidFragmentSink. Usually, ParanoidFragmentSink class is used to clean unsafe HTML. However, it was identified that the class allows javascript URLs in chrome documents. The flaw could be exploited by a malicious extension code. The security update included a patch for a security flaw, which could allow an attacker to use a specially crafted JPEG image to store a malicious code ...
... in the memory and get it executed on a targeted computer system. Firefox and Thunderbird users must update their browsers to protect their computer system from security breaches.

The vulnerabilities were reported by security researchers affiliated to various organizations. Mozilla rates those vulnerabilities as critical, which may be exploited by attackers to execute code and install malicious software in computer systems of users performing normal browsing. The developer ranks those vulnerabilities as high, which track websites visited by a user to either steal information or to inject malicious code on the visited websites. The vibrant threats from cybercriminals could be tackled by proactive identification and timely communication of security flaws. Online degree and training programs may help security experts in improving their soft skills.

Security professionals at Mozilla have addressed the security flaws a week before the Pwn2Own contest, which would be organized as a part of the upcoming CanSecWest security conference. Ethical hackers, computer science degree holders, penetration testers and other IT security professionals are expected to exploit flaws associated with different web browsers such as Mozilla firefox, Google Chrome and Microsoft Internet Explorer along with other software applications during the contest. Developers and sponsors have announced cash prize and other bounties for experts, who manage to breach the security of the products.

Organizations require large number of cyber security experts to deal with the sophisticated challenges from attackers. Introduction of online university degree programs may encourage prospective science and engineering students to undertake research in cyber security and contribute in developing new secure technologies.