Top 5 Stories


They just don't make Firefox 10 the way they used to

14 February 2012

Mozilla is already plugging a critical security hole in Firefox 10, just a couple of weeks after unveiling the latest version of its browser.

The vulnerability, which also affects the Thunderbird email product and SeaMonkey cross-platform internet suite, enables a remote attacker to cause a denial of service through an application crash or to execute arbitrary code.

Mozilla developers Andrew McCreight and Olli Pettay discovered that “ReadPrototypeBindings will leave a XBL binding in a hash table even when the function fails. If this occurs, when the cycle collector reads this hash table and attempts to do a virtual method on this binding a crash will occur. This crash may be potentially exploitable”, the company said in a security advisory.

Firefox 9 and earlier versions are not affected by the vulnerability, Mozilla explained.

In addition, Mozilla announced plans to create a Metro version of Firefox for Windows 8. The application will be based on the open source Gecko layout engine and will take advantage of the full screen touch enhancements of Microsoft's new Windows 8 Metro style apps, alongside support for the Awesomebar, tabs, and common navigation controls.

This article is featured in:
Application Security  •  Internet and Network Security


Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×