Share

Top 5 Stories

News

Mozilla releases Firefox 10 browser with nine security fixes

01 February 2012

Mozilla has released the latest version of its browser, Firefox 10, with fixes for nine security flaws, including five critical vulnerabilities.

One of the critical vulnerabilities opens users up to cross-site scripting attacks because the browser did not run proper security checks, Mozilla said in its security advisory.

The flaw “allows for cross-site scripting attacks through web pages and Firefox extensions. The fix enables the Script Security Manager to force security checks on all frame scripts”, Mozilla explained.

Other critical flaws fixed in Firefox 10 include: crash with malformed embedded XSLT stylesheets, potential memory corruption when decoding Off Vorbis files, child nodes from nsDOMAttribute still accessible after removal of nodes, and a miscellaneous category of memory safety hazards.

Under the miscellaneous category, Mozilla explained that its developers “identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.”

In addition to fixing security flaws, Firefox 10 adds new built-in developer tools “that let developers change the look and feel of websites in real-time”, Mozilla explained.

Further, Mozilla improved Firefox add-on compatibility and simplified the update process for all users.

This article is featured in:
Application Security  •  Internet and Network Security

 

Comments

hh2 says:

02 February 2012
As I updated to FF 10, I was advised that Bing add-on would be disabled. Update completed still indicating that Bing was incompatible; however, it is still working after FF has been restarted. Does this mean that the update failed? I am using Windows XP, SP3

Note: The majority of comments posted are created by members of the public. The views expressed are theirs and unless specifically stated are not those Elsevier Ltd. We are not responsible for any content posted by members of the public or content of any third party sites that are accessible through this site. Any links to third party websites from this website do not amount to any endorsement of that site by the Elsevier Ltd and any use of that site by you is at your own risk. For further information, please refer to our Terms & Conditions.

Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×