Mozilla issued 10 patches on Friday for its Firefox browser, including three for critical vulnerabilities. The latest version of Firefox is now 220.127.116.11.
One of the critical vulnerabilities, MFSA 2008-06, is a problem in the way the browser handles images on certain Web pages.
It’s possible to exploit the flaw to steal a person’s Web browsing history, forward that information and then crash the browser. It may also be possible to run arbitrary code on a machine, Mozilla said.
A second critical vulnerability can enable a privilege escalation attack or remote code execution.
The last critical problem involves a memory corruption flaw. “We presume that with enough effort at least some of these could be exploited to run arbitrary code,” Mozilla said.
Also notable is a fix for a problem with Mozilla’s “chrome” protocol, which is the term Mozilla uses for its user interface. The problem involves some of Firefox’s add-ons, which are applications that users can download to extend browser functionality.
The vulnerability would let an attacker determine what applications are installed on a person’s PC, which could give clues to how the machine could be compromised, Mozilla said. However, a victim would have to be lured to a special malicious Web page designed to take advantage of the flaw.