Mozilla updates Firefox security flaws


A new version of Firefox has been rolled out in response to three major vulnerabilities being discovered within the browser. The Mozilla Corporation rates all three as 'high impact' - the second most serious of its four security categories.

The new update is known as Firefox One of the patches fixes a cross-site scripting flaw in the jar: URI scheme. The bug could mean that an attacker is able to deal personal details.

A proof of concept demonstration of the flaw saw how contacts could be siphoned from Google Mail using the vulnerability. Mozilla seems to be giving its own security researchers Jesse Ruderman and Petko D. Petkov with reporting the issue. Another concerns memory corruption with the concern being that a memory crash could potentially be used to run an exploit.

The fixes are also present in the latest release of the SeaMonkey browser. You should see the updates drip down to you through the browser's Software Update system.