Mozilla patches critical Firefox flaws

Mozilla has released updates for its Firefox browser as well as its Thunderbird email client, patching critical flaws.

Version 2.0.0.2 of Firefox has also been tweaked to work better with Microsoft Vista.

One of the critical flaws that has now been fixed could lead to memory corruption and allow a hacker to run code on the vulnerable computer.

Another could let a hacker control cookies stored on a computer to direct an internet user to the hacker's malicious website rather than the legitimate one.

"As part of the Firefox 2.0.0.2 and 1.5.0.10 update releases we fixed several bugs to improve the stability of the product", Mozilla wrote on the security advisory.

"Some of these were crashes that showed evidence of memory corruption and we presume that with enough effort at least some of these could be exploited to run arbitrary code."

Another of the vulnerabilities could allow for the running of unauthorised software; this flaw was undisclosed before the security update.

Firefox and Thunderbird users should get the software update automatically.


>