TechWorld.com - Firefox has been hit by eight security flaws, six of which are also found in the older Mozilla suite.
The vulnerabilities could allow an attacker to take over an affected system, carry out cross-site scripting and bypass some security restrictions, the Mozilla Foundation warned on Friday when it released patches for the holes. Independent security firm Secunia gave the updates a "highly critical" rating.
As Firefox gains market share, its handling of security issues is drawing more scrutiny. The patches are the third round of security fixes for Firefox and the seventh update for the 1.7 version of Mozilla. The Mozilla project has stopped major development on the suite but is continuing to fix security flaws.
Two of the vulnerabilities affect Firefox only. One is an input validation error that occurs when processing the "pluginspage" attribute of the "embed" tag for plug-ins, it could be used to inject JavaScript code. The other is a bug in the sidebar that could allow cross-site scripting.
The remaining six bugs, which affect both browsers, are capable of the following:
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
