October 28th, 2009 Firefox hit by multiple drive-by download flaws
Posted by Ryan Naraine @ 7:34 am
Mozilla’s flagship Firefox browser is vulnerable to at least 11 “critical” vulnerabilities that expose users to drive-by download attacks that require no user interaction beyond normal browsing.
The open-source group shipped Firefox 3.5.4 with patches for the vulnerabilities, which range from code execution risk to the theft of information in the browser’s form history.
One of the critical issues affect media libraries introduced in Firefox 3.5 when audio and video capabilities were added.
Here’s the skinny on the high-risk issues in this Mozilla Firefox patch batch: