Mozilla patches three critical Firefox flaws

Today's Best Tech Deals

Picked by Macworld's Editors

Top Deals On Great Products

Picked by Techconnect's Editors

Mozilla issued 10 patches on Friday for its Firefox browser, including three for critical vulnerabilities. The latest version of Firefox is now

One of the critical vulnerabilities, MFSA 2008-06, is a problem in the way the browser handles images on certain Web pages.

It's possible to exploit the flaw to steal a person's Web browsing history, forward that information and then crash the browser. It may also be possible to run arbitrary code on a machine, Mozilla said.

A second critical vulnerability can enable a privilege escalation attack or remote code execution.

The last critical problem involves a memory corruption flaw that "we presume that with enough effort at least some of these could be exploited to run arbitrary code," Mozilla said.

Also notable is a fix for a problem with Mozilla's "chrome" protocol, which is the term Mozilla uses for its user interface. The problem involves some of Firefox's add-ons, or applications that users can download which extend browser functionality.

The vulnerability would let an attacker determine what applications are installed on a person's PC, which could give clues to how the machine could be compromised, Mozilla said. However, a victim would have to be lured to a special malicious Web page designed to take advantage of the flaw.

Note: When you purchase something after clicking links in our articles, we may earn a small commission. Read our affiliate link policy for more details.
Shop Tech Products at Amazon