Issue A null pointer dereference in the content layout component of Firefox allows an attacker to crash the browser when a user navigates to a malicious page. Impact If a … Read more
Issue A vulnerability in the way Firefox handles CSS allows an attacker to take advantage of an integer overflow and execute arbitrary code. In order for the attack to be … Read more
Mozilla has been working with security researcher and analyst Rich Mogull for a few months now on a project to develop a metrics model to measure the relative security of … Read more
A recent report identified Firefox users as most likely to be running the latest version of the browser at any point in time. Brian Krebs at the Washington Post comments … Read more
TippingPoint ZDI notified Mozilla of a vulnerability in Firefox that impacts versions 2.x and 3.0. This issue is currently under investigation. To protect our users, the details of the issue … Read more
As today’s headlines confirm, there is still a lot of confusion about what happened to the Vietnamese language pack, who is impacted, and what that impact really is. First of … Read more
The Vietnamese language pack for Firefox 2 contains inserted code to load remote content. This code is the result of a virus infection, but does not contain the virus itself. … Read more
Firefox 2.0.0.12 is now available. This security update addresses the directory traversal issue described here and here. Details for this release are available at: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.12
Background on this issue is available here. Impact An attacker can use this vulnerability to collect session information, including session cookies and session history. Firefox is not vulnerable by default. … Read more
Issue A vulnerability in the chrome protocol scheme allows directory traversal when a “flat” add-on is present resulting in potential information disclosure. Impact When a chrome package is “flat” rather … Read more
Secunia released a report this week that discusses a few aspects of the security landscape for 2007. Techworld ran a story based on this report with this headline: “Red Hat … Read more
Issue The realm value in a basic authentication dialog may be spoofed by a attacker to trick users into thinking the authentication request is coming from a different, trusted site. … Read more