June 21st, 2010 23:00

Updates - June 22, 2010

This topic is for anyone who would like to discuss a specific update.

Feel free to post daily reminders of updates and version changes for some of the most popular security programs such as: Malwarebytes' Anti-Malware, Spybot, and others.

Free security programs are listed here: FREE SECURITY SOFTWARE

3 Apprentice

15.2K Posts

June 22nd, 2010 18:00

Firefox 3.6.4

What’s New in Firefox 3.6.4

Firefox 3.6.4 provides uninterrupted browsing for Windows and Linux users when there is a crash in the Adobe Flash, Apple Quicktime or Microsoft Silverlight plugins.

If a plugin crashes or freezes, it will not affect the rest of Firefox. You will be able to reload the page to restart the plugin and try again.

==========

Security Issues Fixed in Firefox 3.6.4

MFSA 2010-33 User tracking across sites using Math.random()
MFSA 2010-32 Content-Disposition: attachment ignored if Content-Type: multipart also present
MFSA 2010-31 focus() behavior can be used to inject or steal keystrokes
MFSA 2010-30 Integer Overflow in XSLT Node Sorting
MFSA 2010-29 Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal
MFSA 2010-28 Freed object reuse across plugin instances
MFSA 2010-26 Crashes with evidence of memory corruption (rv:1.9.2.4/ 1.9.1.10)

June 22nd, 2010 18:00

SpywareBlaster database update 6/22/2010

36 new items (IE - ActiveX controls)

for a total of 13694 items in database

after updating (via internal updater), be sure to enable all protection!

June 23rd, 2010 05:00

Here is the corresponding advisory from Secunia, re: the Firefox update;

the following was copied/pasted from http://secunia.com/advisories/40309/

Description
Some [highly critical] vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, or to compromise a user's system.

1) Multiple errors in the browser engine can be exploited to corrupt memory and potentially execute arbitrary code.

2) An error in the handling of multipart/x-mixed-replace resources can be exploited to corrupt memory and potentially execute arbitrary code.

This vulnerability only affects version 3.5.x.

3) Multiple errors in the Javascript engine can be exploited to corrupt memory and potentially execute arbitrary code.

4) Multiple errors in the Javascript engine can be exploited to corrupt memory and potentially execute arbitrary code.

These errors only affect version 3.6.x.

5) A use-after-free error exists in "nsCycleCollector::MarkRoots()", which can result in the use of an invalid pointer and allows execution of arbitrary code.

6) A use-after-free error in the handling of object references among multiple plugin instances can be exploited to trigger the use of an invalid pointer and execute arbitrary code.

7) An integer overflow error exists in "nsGenericDOMDataNode::SetTextInternal" within the handling of text values for certain types of DOM nodes. This can be exploited to cause a heap-based buffer overflow via overly large strings.

8) An integer overflow error in a XSLT node sorting routine can be exploited to cause a buffer overflow and potentially execute arbitrary code via a node containing an overly large text value.

9) A weakness is caused due to "focus()" allowing to direct user input to unintended locations, e.g. an embedded iframe from another domain.

10) The HTTP "Content-Disposition: attachment" header is ignored when "Content-Type: multipart" is also present. This can result in security features being bypassed in sites that allow users to upload arbitrary files and specify a "Content-Type" but rely on "Content-Disposition: attachment" to prevent the content from being displayed inline.

11) A weakness exists due to the pseudo-random number generator being seeded only once per browsing session, which can be exploited to disclose the value used to seed "Math.random()" and potentially identify and track users across different web sites.

Solution
Update to version 3.5.10 or 3.6.4.
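
A server-side mitigation for item 10 above, as an added example that is not part of the original post or the Secunia advisory: instead of relying on "Content-Disposition: attachment" alone, the site never echoes a user-declared Content-Type unless it is on an allowlist. The function names, the allowlist and the sample inputs are assumptions constructed for illustration.

```python
import re

# Hypothetical allowlist: the only upload types this site will serve back as declared.
SAFE_TYPES = frozenset({"image/png", "image/jpeg", "image/gif", "application/pdf"})

# type "/" subtype, restricted to characters that are valid in a media type token.
_MEDIA_TYPE = re.compile(r"[a-z0-9!#$&^_.+-]+/[a-z0-9!#$&^_.+-]+")


def media_type(declared):
    """Return the lowercased type/subtype of a declared Content-Type, or None."""
    raw = (declared or "").split(";", 1)[0].strip().lower()
    # fullmatch also rejects CR/LF, so header-injection attempts yield None.
    return raw if _MEDIA_TYPE.fullmatch(raw) else None


def safe_filename(name):
    """Reduce a user-supplied name to a basename that is safe inside a quoted string."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    base = re.sub(r"[^A-Za-z0-9._-]", "_", base).lstrip(".")
    return base or "download"


def download_headers(declared_type, filename):
    """Build response headers for serving an upload without trusting its declared type."""
    mt = media_type(declared_type)
    if mt not in SAFE_TYPES:
        # Covers multipart/*, text/html, malformed values and anything unknown:
        # the browser gets an opaque type even if it ignores Content-Disposition.
        mt = "application/octet-stream"
    return {
        "Content-Type": mt,
        "Content-Disposition": 'attachment; filename="%s"' % safe_filename(filename),
        "X-Content-Type-Options": "nosniff",
    }


if __name__ == "__main__":
    # Constructed sample uploads: (declared Content-Type, original filename).
    samples = [
        ("multipart/mixed; boundary=x", "report.html"),
        ("image/png", "photo.png"),
        ("text/html\r\nX-Injected: 1", "../../index.html"),
    ]
    for declared, name in samples:
        print(repr(declared), "->", download_headers(declared, name))
```
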

June 23rd, 2010 06:00

Note: Despite this Firefox update, Secunia's PSI is still asserting that Firefox is INsecure, by virtue of the "less critical" Error Handling Information Disclosure Vulnerability discussed here:

http://secunia.com/advisories/39925/
