Mozilla has released a new update for its Firefox browser, thus plugging a critical vulnerability reported recently.
The Javascript vulnerability was reported in version 2.0.0.13, with previous version tagged as “possibly affected” as well. THe company advises Firefox users to upgrade to version 2.0.0.14.
According to Mozilla's advisory, “some users experienced crashes during JavaScript garbage collection. This is being fixed primarily to address stability concerns. We have no demonstration that this particular crash is exploitable but are issuing this advisory because some crashes of this type have been shown to be exploitable in the past.”
Basically, an attacker could've exploited this flaw with the help of a specially-crafted Javascript code. Successful exploitation would've allowed the attacker to run arbitrary code on the infected machine.
Mozilla notes that Thunderbird could also feature the same vulnerability, given the fact that it shares the browser engine with Firefox. The vulnerability can be exploited only if the user chose to enable JavaScript in mail. JavaScript is disabled by default in Thunderbird.
Add to Favorites
Set Home Page
