Patch/Configuration Management, Vulnerability Management

Mozilla patches critical Firefox flaw

Share

Mozilla has patched a "critical" flaw in Firefox that could cause the alternative, open-source web browser to crash.

According to vulnerability monitoring firm Secunia, the bug – reported late last month – is caused due to "a reference to a deleted object when designMode (used for rich text editing) is enabled." The flaw can be exploited to corrupt memory and cause a crash by executing arbitrary code.

The payload can cause a Denial of Service (DoS) condition and the compromise of a user's system, according to the Secunia advisory. The vulnerability – reported by Martijn Wargers and Nick Mott –affected Firefox versions 1.5 through 1.5.0.2.

The bug was fixed in version 1.5.0.3, but users can temporarily disable JavaScript as a workaround until they upgrade to the updated version.

Tuesday's patch follows a rough April for Firefox – typically considered a much safer option to market leader Microsoft Internet Explorer. Mozilla fixed 21 vulnerabilities last month, 13 of which the company deemed critical.

In the recently released SANS Top 20 Internet Security Vulnerabilities, rapid growth in critical Firefox flaws is listed as the No. 4 trend. Experts have said that as more people turn to Firefox – now approximately 15 percent of the surfing community – hackers will focus more attention on discovering and exploiting new vulnerabilities.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.