Security Holes Get Plugged in Firefox 3.5.8
Mozilla programmers fixed three critical security flaws with the release of Firefox 3.5.8.
One vulnerability was found by Alin Rad Pop. Pop's a researcher for Secunia Research and figured out that Firefox's HTML parser was incorrectly using freed memory when insufficient space was available to process remaining input.
According to the Mozilla bug report, "Under such circumstances, memory occupied by in-use objects was freed and could later be filled with attacker-controlled text."
A hacker could then run methods on the freed memory to execute arbitrary code and do bad things.
Orlando Barrera II found a problem with Mozilla's Web Workers. The security researcher figured out that there was an error in how Web Workers were handling array data types when processing posted messages.
The bug report said, "This error could be used by an attacker to corrupt heap memory and crash the browser, potentially running arbitrary code on a victim's computer."
Team Mozilla found the third security hole.
"Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code," according to Mozilla's bug report.