Firefox security holes

There’s a new version of Firefox out (1.5.0.2), with fixes for 22 security issues, according to Secunia. My favorite is this one:

2) An error in the garbage collection in the JavaScript engine can be exploited to cause a memory corruption.

Successful exploitation may allow execution of arbitrary code.

Apparently garbage collectors are not perfect! Who knew.

Among the 22 issues there are a bunch that would clearly be prevented by a safe language like Cyclone:

3) A boundary error in the CSS border rendering implementation may be exploited to write past the end of an array.

4) An integer overflow in the handling of overly long regular expressions in JavaScript may be exploited to execute arbitrary JavaScript bytecode.

6) An error in the “InstallTrigger.install()” method can be exploited to cause a memory corruption.

13) An error in the processing of a certain sequence of HTML tags can be exploited to cause a memory corruption.

Successful exploitation allows execution of arbitrary code.

15) Some errors in the DHTML implementation can be exploited to cause a memory corruption.

Successful exploitation may allow execution of arbitrary code.

16) An integer overflow error in the processing of the CSS letter-spacing property can be exploited to cause a heap-based buffer overflow.

Successful exploitation allows execution of arbitrary code.

Some of the others might be safety issues as well, but it takes quite a bit of digging to figure these things out.

14 April 2006 by trevor #