Tuesday, September 07, 2010

Mozilla Firefox 3.6.9 Security Update

Mozilla released Firefox version 3.6.9 which fixes several security and stability issues.  In addition, this version introduces support for the X-FRAME-OPTIONS HTTP response header. Site owners can use this to mitigate clickjacking attacks by ensuring that their content is not embedded into other sites.


If not prompted to update, existing Firefox users can update via Help > Check for Updates.

Security Issues Fixed in Firefox 3.6.9

  • MFSA 2010-63 Information leak via XMLHttpRequest statusText
  • MFSA 2010-62 Copy-and-paste or drag-and-drop into designMode document allows XSS
  • MFSA 2010-61 UTF-7 XSS by overriding document charset using type attribute
  • MFSA 2010-59 SJOW creates scope chains ending in outer object
  • MFSA 2010-58 Crash on Mac using fuzzed font in data: URL
  • MFSA 2010-57 Crash and remote code execution in normalizeDocument
  • MFSA 2010-56 Dangling pointer vulnerability in nsTreeContentView
  • MFSA 2010-55 XUL tree removal crash and remote code execution
  • MFSA 2010-54 Dangling pointer vulnerability in nsTreeSelection
  • MFSA 2010-53 Heap buffer overflow in nsTextFrameUtils::TransformText
  • MFSA 2010-52 Windows XP DLL loading vulnerability
  • MFSA 2010-51 Dangling pointer vulnerability using DOM plugin array
  • MFSA 2010-50 Frameset integer overflow vulnerability
  • MFSA 2010-49 Miscellaneous memory safety hazards (rv:1.9.2.9/ 1.9.1.12)


Clubhouse Tags: Clubhouse, Security, Vulnerabilities, Updates, Information





Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

No comments: