Saturday, April 30, 2011

Mozilla Firefox4.0.1 First Security Update



Mozilla Released it's first release of Mozilla Firefox Firefox 4.0.1 which is a open source browser.

Fourteen flaws have been found in Firefox 4.0.1 from which 13 flaws are categorized as critical Vulnerabilities and one is mentioned low impact Vulnerability.

The biggest category of fixed vulnerabilities in Firefox 4.0.1 are memory safety related issues, with 10 identified flaws.

"Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products," Mozilla warned in its advisory. "Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code." 

You can check their warning here - Here

The high impact category of flaws is in WebGL and its related WebGLES graphics library. Mozilla is providing three fixes for WebGLES flaws in the Firefox 4.0.1 update.

 As opposed to the critical memory flaws that Mozilla is patching with the Firefox 4.0.1 release, the XSLT flaw will not lead to arbitrary code execution. According to Mozilla, the XSLT flaw could have been used by an attacker to help launch some form of memory corruption that could possibly make another attack more reliable.  

The Firefox 4.0.1 release is the first update to Mozilla's browser since Firefox 4 release in March. Firefox developers are currently on Firefox 5, which may release at JUNE last



No comments:

Post a Comment