Oct 20, 2010 08:08 GMT

Mozilla has released Firefox 3.6.11 and Firefox 3.5.14 in order to address multiple vulnerabilities, several of which are rated critical.

A total of nine security advisories were published. Five have a critical impact, two high, one moderate and one low.

One advisory (MFSA 2010-71) covers two unsafe library loading issues, one on Windows and one on Linux, discovered by Ehsan Akhgari and Dmitri Gribenko, respectively.

This type of vulnerability, also known as remote binary planting (or DLL hijacking), stems from insecure use of library loading functions which, when no absolute path is specified, search a predefined list of locations for the file.

One of the locations in that search path is the current working directory, which on Windows can be a network share or even a remote WebDAV resource.

If the application asks for a library that does not exist on the OS variant it is running on, for example a Vista- or Windows 7-only DLL requested on XP, every trusted location is searched without success and the lookup falls through to the current working directory, so an attacker can place a malicious file with the same name there and have it loaded.

Hundreds of applications are vulnerable to such attacks and both Safari and Opera previously patched similar flaws. Mozilla fixed a different Firefox remote binary planting bug last month.

The remaining four critical advisories cover a total of six arbitrary code execution vulnerabilities discovered by Mozilla developers and researchers Alexander Miller, Sergey Glazunov and regenrecht.

The two high-risk advisories address two cross-site scripting weaknesses, while the moderate impact one covers a bug in parsing SSL certificates with wildcards in the name.

"It is extremely unlikely that such a certificate would be issued by a Certificate Authority," the Mozilla security team stresses.

The lowest rated vulnerability is also related to SSL and concerns the acceptance of too-short keys in Diffie-Hellman Ephemeral (DHE) mode.

Firefox 3.6.11 and 3.5.14 for Windows, Mac and Linux are available from Mozilla's download pages.