Mozilla blocked the vulnerability for Firefox

Yesterday (December 17) Mozilla has upgraded Firefox to a new version to block a number of new security holes discovered in previous versions.

Specifically, Firefox 3 was upgraded to version 3.0.5 this time to fix 8 new security bugs discovered in version 3.0.4. At the same time Firefox 2.0.0.18 also received 9 patches to be upgraded to version 2.0.0.19. But of the 9 bugs of Firefox 2, there are 7 similar errors Firefox 3, so it can be said that only a total of 10 security flaws were fixed by Mozilla.

Out of 10 errors, up to 4 of Mozilla's errors are classified as 'extremely dangerous' (critical). A 'high' error (hight). The two errors are 'moderate' and the others are 'low'.

Up to 3 out of 4 'critical' errors corrected for this phase are XSS errors - also known as cross-site scripting errors. If you successfully exploit these errors, hackers can attack multiple websites at once.

The most dangerous of the 'critical' errors is the XSS error that arises in the SessionStore feature - or the most recent version restore feature of Firefox. If you successfully exploit this error, hackers can completely remove malicious content or gain full rights to execute the JavaScript code on the user's PC.

Meanwhile the last "critical" XSS error only affected Firefox 2 versions, not threatening Firefox 3. This error stems from the preview of the RSS (feed preview). If successfully exploited this error, the hacker could gain the right to execute Javascript code at the 'chrome' priority level.

The final 'critical' error is a buffer overflow that arises in the browser engine itself (browser engine) used not only in Firefox but also in a variety of Mozilla products such as mailing applications. Thunderbird electronics for example. In certain cases hackers can take advantage of buffer overflow to make the browser fully hang up or execute malicious code on a user's PC.

Among the remaining errors perhaps the most notable is the domain data theft error by taking advantage of the code (script) that redirects the error message. This error is classified as 'high' (hight). Hackers can exploit this error to steal information about users on a website that they have a login account on.

In addition to fixing security flaws this time, Mozilla also fixed some operating-related vulnerabilities for Firefox 3, adding support languages ​​.

Forget the error of Firefox 2

Soon after the 2.0.19 update was released, the Mozilla leader discovered that they had forgotten the patch for another pretty dangerous bug in Firefox 2.

However, only Firefox 2 for Windows is in this situation. If full, Firefox 2.0.0.19 should have 10 fixes. Malfunction does not occur with Firefox for Mac and Linux versions.

Mozilla leader - in an official website article - confirmed that the Firefox 2.0.0.20 upgrade will be added with this fix. It is expected that this upgrade will be released as early as tomorrow (December 19) and no later than the next Monday (December 22).

At the same time, Mozilla's leader also confirmed that this error is not really dangerous and the risk of users being attacked is not high. ' Mozilla claims this is not a dangerous security vulnerability and there are still no exploits to be distributed to the Internet .'

Mozilla also encourages users to quickly upgrade to Firefox 3 because Mozilla is about to stop support for Firefox 2 version. Mozilla's policy is to maintain support for the older version of Firefox only. 6 months after the new release. Firefox 3 officially launched in June last.

Users can download the latest version of Firefox 3 here and Firefox 2 here.