The California-based Mozilla Foundation is promising an update soon after two extremely critical security vulnerabilities were found in its Firefox browser.
One flaw, which involves "IFRAME" JavaScript URLs, could be exploited to conduct cross-site scripting attacks and compromise a user's system, PC Pro reported Monday.
A second flaw exists because input passed to the "IconURL" parameter in "InstallTrigger.install()" is not properly verified before being used. It could be exploited to execute arbitrary JavaScript code with escalated privileges via a specially crafted JavaScript URL, experts said.
Because the foundation controls all sites in the default software installation white list, it has been able to take preventative action by placing more checks in the server-side Mozilla Update code and moving the update site to another domain.
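The kind of verification the "IconURL" flaw calls for, as an added example that is not Mozilla's code and does not come from the original report: parse the value first, then allow only known-good schemes. The names isSafeIconUrl, naiveIsSafe and ALLOWED_SCHEMES, the example.org base URL and the sample inputs are assumptions made for illustration.

```javascript
// Added example, not Mozilla code: scheme allow-list for an icon URL.
// isSafeIconUrl, naiveIsSafe and ALLOWED_SCHEMES are hypothetical names.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

function isSafeIconUrl(input, baseUrl) {
  if (typeof input !== "string" || input.length === 0) return false;
  let parsed;
  try {
    // The WHATWG URL parser trims surrounding whitespace, drops tabs and
    // newlines, and lower-cases the scheme, so a disguised scheme is
    // compared in its real form.
    parsed = new URL(input, baseUrl);
  } catch (e) {
    return false; // unparseable input is rejected, never passed through
  }
  // Allow-list, not deny-list: data:, file:, chrome: and so on fail too.
  return ALLOWED_SCHEMES.has(parsed.protocol);
}

// Deny-list string match, shown only for contrast with the check above.
function naiveIsSafe(input) {
  return !input.startsWith("javascript:");
}

// Constructed sample inputs (not taken from any advisory).
const SAMPLES = [
  "https://example.org/icon.png",
  "icons/theme.png",
  "javascript:void(0)",
  "  JaVaScRiPt:void(0)",
  "java\tscript:void(0)",
  "data:image/png;base64,AAAA",
];

// Returns one row per input with the verdict of both checks.
function compareChecks(inputs, baseUrl) {
  return inputs.map((s) => ({
    input: s,
    allowList: isSafeIconUrl(s, baseUrl),
    naive: naiveIsSafe(s),
  }));
}

console.table(compareChecks(SAMPLES, "https://example.org/"));
```

The string-match check accepts the mixed-case and tab-split variants that the parse-then-allow-list check rejects.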
Source: Top-Tech-News