Mozilla fixes Vulnerabilities, But A New One Found In Internet Explorer

Mozilla has released FireFox 2.0.0.15 which fixes 5 critical ,4 High ,2 Moderate and 1 Low vulnerabilities.

Here’s list of what’s been fixed in this update.

MFSA 2008-33 Crash and remote code execution in block reflow
MFSA 2008-32 Remote site run as local file via Windows URL shortcut
MFSA 2008-31 Peer-trusted certs can use alt names to spoof
MFSA 2008-30 File location URL in directory listings not escaped properly
MFSA 2008-29 Faulty .properties file results in uninitialized memory being used
MFSA 2008-28 Arbitrary socket connections with Java LiveConnect on Mac OS X
MFSA 2008-27 Arbitrary file upload via originalTarget and DOM Range
MFSA 2008-25 Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript()
MFSA 2008-24 Chrome script loading from fastload file
MFSA 2008-23 Signed JAR tampering
MFSA 2008-22 XSS through JavaScript same-origin violation
MFSA 2008-21 Crashes with evidence of memory corruption (rv:1.8.1.15)

There’s been a new flaw found in Internet Explorer that focuses on IE’s inline frames, and affects Microsoft’s Internet Explorer 6, 7, and 8 beta 1, the security flaw could subject users who visit a malicious Web site or open a malicious e-mail message to arbitrary code.

“iframes,” or inline frames, often are used for serving ads, which typically come from a different domain than content that appears on the same Web page.

U.S. CERT describes it as,

“Microsoft Internet Explorer fails to properly restrict access to a document’s frames, which may allow an attacker to modify the contents of frames in a different domain.”

Source — Secunia