The 18.104.22.168 update addresses a number of memory corruption issues that could cause the application to hang, as well as a bug related to cross requests that could be used by attackers to gain access to certain websites.
The main fix in this update concerns the way Firefox processes compressed files in the .jar (Java Archive) format.
Firefox does not adequately check .jar files, giving attackers an avenue to carry out cross-site scripting attacks against Firefox users. This flaw was first announced last February, although it became more widely publicized in early November, when security experts demonstrated how such attacks could be used to execute unauthorized code on victims’ PCs.
Bugs related to memory corruption could also have led to more serious problems, as Mozilla notes in a bug report.
The .jar problem belongs to a new category of bugs that have appeared in both Firefox and other browsers in recent months. The flaw lies in the way the browser handles the special web links used to run applications. Known as URI (Uniform Resource Identifier) protocol handling vulnerabilities, these bugs can be triggered when software is launched through the browser.
Vulnerabilities in the handling of the URI protocol have been detected in Microsoft Internet Explorer, Adobe software, and Google Picasa software.