Eleven security bulletins for Mozilla Firefox



The Mozilla Foundation has published eleven security bulletins to fix various vulnerabilities in Mozilla Firefox which could be exploited by a remote attacker to manipulate or disclose sensitive information, bypass security restrictions or compromise a vulnerable system.

Below are the published vulnerabilities:
The first problem is a flaw in the way Firefox handles form history. This vulnerability could allow a remote attacker to steal stored data and cause the browser to fill in forms automatically via a specially crafted web page. Another error lies in the way Firefox names temporary files for downloads. A local attacker could exploit this issue to execute arbitrary code by changing the contents of the temporary download files.

Recursive creation of web workers in JavaScript can be used to create a set of objects whose memory can be freed before use. These conditions usually result in a denial of service and could potentially allow an attacker to execute arbitrary code. Multiple vulnerabilities stem from the way Firefox processes malformed web content; a remote attacker could cause a denial of service and potentially execute arbitrary code via a specially crafted web page.

Another bulletin covers a bug in Firefox's GIF image processing that could cause a heap memory overflow. A remote attacker could exploit this issue to cause a denial of service and potentially execute arbitrary code via a specially crafted GIF image.

Another fixed error lies in Firefox's string to floating point conversion routines, which could overflow heap-based memory. A remote attacker could exploit this issue to cause a denial of service and potentially execute arbitrary code with the permissions of the user through a web page containing specially crafted JavaScript code.

Another bulletin refers to an error in the way Firefox handles text selection. A remote attacker could exploit this issue to read text the user has selected in a different domain via a specially crafted website. Another error lies in the way Firefox displays the file name when you download a file: the title bar and the body of the dialog can show different names. A remote attacker could perform a man-in-the-middle attack and execute arbitrary code via a specially crafted file.

Mozilla has also updated several third-party libraries to correct memory-handling flaws and stability bugs.

We recommend upgrading to Mozilla Firefox version 3.5.4 or 3.0.15:
http://www.mozilla.com/firefox/
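
To find clients that still need the update, the fixed versions above can be checked against browser User-Agent strings in web proxy logs. The Python script below is an added example, not part of the Mozilla bulletins or the original post; the log line format and sample lines are constructed, and it assumes only that releases below 3.5.4 (3.5 branch) or 3.0.15 (3.0 branch) need updating.

```python
import re

# Fixed releases named in the post, keyed by (major, minor) branch.
FIXED = {(3, 5): (3, 5, 4), (3, 0): (3, 0, 15)}
UA_RE = re.compile(r"Firefox/(\d+(?:\.\d+)*)")

def firefox_version(user_agent):
    """Return the Firefox version from a User-Agent as a 3-tuple, or None."""
    m = UA_RE.search(user_agent)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (3 - len(parts))  # pad "3.5" to (3, 5, 0)
    return tuple(parts[:3])

def classify(user_agent):
    """Compare numerically, so 3.0.9 sorts below 3.0.15 (a string compare would not)."""
    v = firefox_version(user_agent)
    if v is None:
        return "not-firefox"
    fixed = FIXED.get(v[:2])
    if fixed is None:
        return "unknown-branch"  # branch the post does not mention: report, don't guess
    return "patched" if v >= fixed else "needs-update"

def audit(log_lines):
    """Map client -> status for lines of the assumed form: <client> "<user-agent>"."""
    results = {}
    for line in log_lines:
        client, _, ua = line.partition(" ")
        results[client] = classify(ua.strip().strip('"'))
    return results

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE = [
    '192.0.2.11 "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3"',
    '192.0.2.12 "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.15) Gecko/2009101601 Firefox/3.0.15"',
    '192.0.2.13 "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.9) Gecko/2009040821 Firefox/3.0.9"',
    '192.0.2.14 "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"',
    '192.0.2.15 "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20"',
]

if __name__ == "__main__":
    for client, status in audit(SAMPLE).items():
        print(client, status)
```

Clients reported as `unknown-branch` run a Firefox branch this post gives no fixed version for, so they need a separate check.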
