Mozilla issues 'critical' Firefox fixes

Nine advisories cover 'critical' and 'high risk' flaws

Mozilla has issued a Firefox update addressing a number of security issues in the popular open source browser.

The nine advisories cover vulnerabilities ranging from the ability to spoof pop-up windows to the possibility of remote execution of malicious code.

Among the most serious is a flaw in Firefox's handling of JavaScript code. Specially-crafted JavaScript code could compromise the browser and allow remote execution of code or a cross-site scripting attack.

The vulnerability was rated 'critical', the highest of Mozilla's four threat levels.

The second 'critical' flaw addressed a group of non-specified updates which, if exploited, could lead to a memory corruption error that could then allow an attacker to access the targeted system and remotely execute code.

Mozilla also issued updates for a pair of 'high risk' flaws, including a vulnerability in the Java component which could allow an attacker to access arbitrary connection ports.

Another 'high risk' flaw could allow an attacker to spoof pop-up windows on the target system.

Other fixes are for a vulnerability that could allow for the spoofing of URL referrers, and a set of vulnerabilities which could allow for cross-site scripting.