Topic: Mozilla, Opera shutter security holes

[Amker]

The Mozilla Foundation and Opera Software both released updates to their respective browsers this week, fixing a total of 14 security issues.

Opera's security update patched six security problems in the company's software on Thursday, including a vulnerability caused by the browser's misuse of application memory when removing BitTorrent transfers from the transfer list. The flaw, referred to as a dangling pointer, occurred because Opera references a pointer to memory that had already been freed. The vulnerability is detailed in an advisory published by iDefense, a subsidiary of Internet and security services provider VeriSign. The Opera patch fixes five other issues as well.

The Mozilla Foundation released an update for its Firefox browser earlier this week, fixing eight issues, three of which were rated Critical by Mozilla. The issues included an insecure interaction between Microsoft's Internet Explorer and Firefox or other Windows programs. If a user goes to a malicious Web site using Internet Explorer and clicks on a link that uses a URL protocol to launch another Windows program via the command line, Internet Explorer does not validate the input properly, the Mozilla Foundation stated in its advisory.

"Other Windows applications can be called in this way and also manipulated to execute malicious code," the advisory stated. "This fix only prevents Firefox and Thunderbird from accepting bad data. This patch does not fix the vulnerability in Internet Explorer."

The issue is fixed in both Mozilla 2.0.0.5 and Thunderbird 2.0.0.5.
SecurityFocus