Mozilla is aware of the claim of a zero-day in Firefox as posted here: http://secunia.com/advisories/38608/. We cannot confirm the report as we have received no details regarding the reported vulnerability, such as a proof-of-concept or steps to reproduce. We’ve attempted … Continue reading
Important Note: One of the malware results has been verified to be a false positive. Further details are available here: http://blog.mozilla.org/addons/2010/02/09/update-on-the-amo-security-issue/ Original blog entry follows below. Two add-ons in the experimental section of addons.mozilla.org were found to be containing malware. … Continue reading
Mike Shaver, Mozilla’s Vice President of Engineering writes: I’ve previously posted about the .NET Framework Assistant add-on that was delivered via Windows Update earlier this year. It’s recently surfaced that it has a serious security vulnerability, and Microsoft is recommending … Continue reading
Issue The URL in the address bar can be spoofed when a new window or tab is opened by a malicious web page. Impact to users If a user visits a page hosting this malicious code, a new window or … Continue reading
In the last few days, there have been several reports (including one via SANS) of a bug in Firefox related to handling of certain very long Unicode strings. While these strings can result in crashes of some versions of Firefox, … Continue reading
Issue A bug discovered last week in Firefox 3.5’s Just-in-time (JIT) JavaScript compiler was disclosed publicly yesterday. It is a critical vulnerability that can be used to execute malicious code. Impact The vulnerability can be exploited by an attacker who … Continue reading
Issue The pwn2own bug that Nils discovered at CanSecWest 2009 and the XSLT vulnerability recently made public by Guido Landi (http://www.securityfocus.com/bid/34235) are both critical issues that can result in malicious code execution. Impact These issues can be exploited by tricking … Continue reading
There has been some interest in the last few days about a recent report from a company called Bit9 about application vulnerabilities. While we’re always happy to see stories that focus on educating our users about security, there are some … Continue reading
Issue A null pointer dereference in the content layout component of Firefox allows an attacker to crash the browser when a user navigates to a malicious page. Impact If a user browses to a malicious page that takes advantage of … Continue reading
Issue A vulnerability in the way Firefox handles CSS allows an attacker to take advantage of an integer overflow and execute arbitrary code. In order for the attack to be successful a user must browse to a malicious site. The … Continue reading
