14 DAY TRIAL // The release notes for the latest stable variant of Firefox were made public, and we learned that a total of eight security flaws were patched up, five of which could have allowed an attacker to run arbitrary code and install software without any interaction from the user.
Firefox 10 addresses a potential memory corruption bug that could affect customers while Ogg Vorbis files are decoded, and a miscellaneous memory safety hazard.
Other critical vulnerabilities present in the prior versions include a crash with malformed embedded XSLT stylesheets, frame scripts calling into untrusted objects permit an attacker to bypass security checks, and child nodes from nsDOMAttribute still being accessible even after the nodes are removed.
Fixed high impact weaknesses include the fact that <iframe> elements are exposed across domains via the name attribute and an uninitialized memory append issue while encoding icon images. The latter could have allowed a hacker to steal sensitive information.
A moderate security weakness refers to the way the Firefox Recovery Key.html is saved with unsafe permissions.
Users are advised to immediately update to make sure their devices and digital assets are protected against potential malicious operations.
Firefox 10 for Windows is available for download here. Firefox 10 for Linux is available for download here. Firefox 10 for Mac is available for download here.