TITLE:
Mozilla Firefox Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA27725

VERIFY ADVISORY:
http://secunia.com/advisories/27725/

CRITICAL:
Moderately critical

IMPACT:
Cross Site Scripting, DoS, System access

WHERE:
From remote

SOFTWARE:
Mozilla Firefox 2.0.x
http://secunia.com/product/12434/

DESCRIPTION:
Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to conduct cross-site request forgery attacks and potentially to compromise a user's system.

1) A race condition when setting the "window.location" property can be exploited to generate a fake HTTP Referer header, which can be used to conduct cross-site request forgery attacks.

2) Some unspecified errors can be exploited to cause memory corruption and potentially allow execution of arbitrary code.

The vulnerabilities are reported in versions prior to 2.0.0.10.

SOLUTION:
Update to version 2.0.0.10.
http://www.mozilla.com/firefox/

ORIGINAL ADVISORY:
http://www.mozilla.org/security/announce/2007/mfsa2007-38.html
http://www.mozilla.org/security/announce/2007/mfsa2007-39.html
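
One way to find clients still running an affected build, as an added example that is not part of the Secunia advisory: it parses Firefox version numbers out of User-Agent strings and flags 2.0.x builds older than 2.0.0.10. The tab-separated log layout, the sample lines and the function names are assumptions made for illustration.

```python
import re

FIXED = (2, 0, 0, 10)  # first fixed release according to the advisory
UA_RE = re.compile(r"Firefox/(\d+(?:\.\d+){0,3})")


def firefox_version(user_agent):
    """Return the Firefox version as a 4-tuple of ints, or None if absent."""
    m = UA_RE.search(user_agent)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def is_affected(user_agent):
    """True for Firefox 2.0.x builds older than 2.0.0.10.

    Versions are compared as integer tuples: as plain strings,
    "2.0.0.9" would sort after "2.0.0.10" and be missed.
    """
    v = firefox_version(user_agent)
    return v is not None and v[:2] == (2, 0) and v < FIXED


def affected_clients(log_lines):
    """Map client address -> set of affected versions seen.

    Assumed input layout (hypothetical): "address<TAB>user-agent".
    User-Agent strings are client-supplied, so treat the result as an
    inventory hint, not as proof of the installed version.
    """
    hits = {}
    for line in log_lines:
        addr, _, ua = line.partition("\t")
        if is_affected(ua):
            version = ".".join(str(n) for n in firefox_version(ua))
            hits.setdefault(addr, set()).add(version)
    return hits


# Constructed sample lines (documentation addresses from 192.0.2.0/24).
SAMPLE_LOG = [
    "192.0.2.10\tMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.9) Gecko/20071025 Firefox/2.0.0.9",
    "192.0.2.11\tMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.10) Gecko/20071115 Firefox/2.0.0.10",
    "192.0.2.12\tMozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.12) Gecko/20070508 Firefox/1.5.0.12",
    "192.0.2.13\tMozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)",
    "192.0.2.10\tMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3",
]

if __name__ == "__main__":
    for addr, versions in sorted(affected_clients(SAMPLE_LOG).items()):
        print(addr, ", ".join(sorted(versions)))
```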