Secunia researchers detected numerous security vulnerabilities in the Mozilla Firefox 2.0x Web browser, many of which enable malicious attackers to hack into vulnerable systems and either shut down or take complete control of a user's computer.
Researchers at Secunia, a Copenhagen, Denmark-based security company specializing in vulnerability assessment and management, issued a security advisory Wednesday, warning users of multiple errors they deemed "highly critical."
If exploited, the critical vulnerabilities could potentially allow remote attackers to conduct cross-site scripting and spoofing attacks, bypass security restrictions, disclose sensitive or system information, potentially compromise a user's system, access a user's system or launch a denial of service attack, according to the advisory.
In order for the attack to be successful, a hacker would have to entice or trick a user into viewing a malicious Web page or downloading a file infected with malicious code. However, users are only susceptible to exploitation if they're running versions prior to 2.0.0.15, the advisory warned.
Altogether, the vulnerabilities include multiple memory corruptions errors in the layout and JavaScript engine, a flaw in the handling of unprivileged XUL documents, and a bug in the "mozIJSSubSciptLoader.LoadScript" function that allows remote attackers to run arbitrary code with Chrome privileges.
Other errors can only be successfully exploited if an add-on using the affected function is installed. Those include multiple flaws in the block reflow process, the processing of file URLs contained within local directory listings, errors in the implementation of the JavaScript same origin policy and a glitch in the JAR file verification.
Additional errors can be found in the implementation of file upload forms and in the implementation of Java LiveConnect on Mac OS X. An uninitialized memory access error in the process of improperly encoded "properties," and flaws in the processing of "Alt Names" provided by peer trusted certificates and in the handling of Windows URL shortcuts also enable attackers to launch spoofing attacks or to access sensitive information.
Security experts recommend that users apply the latest version of Firefox, 2.0.0.15, onto their computers in order to protect themselves from attack, which can be downloaded from the Mozilla Website.
|
Cybersecurity Experts: What They Know Could Scare You A recent report based on interviews with security experts in government, business and academia finds more than half in agreement that a worldwide arms race is taking place in cyberspace. |
|
10 Security Predictions For 2012 CRN looks into its crystal ball and sees Android, hactivisim and cyber-espionage as some of the top 10 security threats in 2012. |
|
10 Biggest Security Breaches Of 2011 The Top 10 Security Breaches of 2011 show hackers were relentless in their pursuit of profit, compromising computer systems of universities, video-game makers and the largest banks. |
 More
Slide Shows |
- Complete Security and Your Bottom Line: Sophos, Value and the Channel
- Tough Threats, Tougher Security: How You Can Leverage New Solutions To Combat A “Targeted Attack” Landscape
- Dark Clouds Ahead: Why the Mid-Market Needs To Ramp Up Cloud Security and How You Can Help Them Get There
- Remote Management and IT Security: Building Profits While Reducing Costs
