An upgrade to Firefox 1.5.0.2 has been available for a couple days now. Sorry for the delay. I’ve been sick all weekend. Just love it. I have a long weekend and I have to spend it with a throbbing headache. Ah well. So here is the scoop…
1) An error exists where JavaScript can be injected into another page, which is currently loading. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an arbitrary site.
2) An error in the garbage collection in the JavaScript engine can be exploited to cause a memory corruption.
Successful exploitation may allow execution of arbitrary code.
3) A boundary error in the CSS border rendering implementation may be exploited to write past the end of an array.
4) An integer overflow in the handling of overly long regular expressions in JavaScript may be exploited to execute arbitrary JavaScript bytecode.
5) Two errors in the handling of “-moz-grid” and “-moz-grid-group” display styles may be exploited to execute arbitrary code.
6) An error in the “InstallTrigger.install()” method can be exploited to cause a memory corruption.
7) An unspecified error can be exploited to spoof the secure lock icon and the address bar by changing the location of a pop-up window in certain situations.
Upgrade. No glove no love.
