Hi malware fighters,
The Mozilla Foundation brought out an update for the open source browser Firefox to patch six security vulnerabilities. Two vulnerabilities will enable attackers to perform random code, another vulnerability enabled an attacker to steal log on data through fraudulent pop-up windows. One of the more serious leaks is caused by JS and can be also found inside Thunderbird & SeaMonkey. “Another good reason to use the NoScript add-on,” according to ISC handler Raul Siles: http://isc.sans.org/diary.php?storyid=4196&rss Update through your browser or via Mozilla.com.
MFSA 2008-19 XUL popup spoofing variant (cross-tab popups)
MFSA 2008-18 Java socket connection to any local port via LiveConnect
MFSA 2008-17 Privacy issue with SSL Client Authentication
MFSA 2008-16 HTTP Referrer spoofing with malformed URLs
MFSA 2008-15 Crashes with evidence of memory corruption (rv:1.8.1.13)
MFSA 2008-14 JavaScript privilege escalation and arbitrary code execution
Fixed in Firefox 2.0.0.13
polonus