Varias vulnerabilidades se han encontrado en los navegadores Mozilla , versiones 1.7.6 o anteriores y en Firefox versiones 1.0.2 y anteriores, el fallo más notable por el impacto que pueda causar es un posible ataque por Cross Site Scripting o ejecución remota de código por Websites maliciosos.
Hay solución a estos temas y os recomendamos actualizar a las nuevas versiones Mozilla Firefox 1.0.3 y Mozilla 1.7.7 desde aquí.
Debajo del titular os pongo un detalle de las mismas
– moz_bug_r_a4 reported several exploits giving an attacker the ability to install malicious code or steal data, requiring only that the user do commonplace actions like click on a link or open the context menu. The common cause in each case was privileged UI code («chrome») being overly trusting of DOM nodes from the content window.
– A malicious script could define a setter function for a variable known to be used by a popular site, and if the user does browse to that site the malicious script will run in that page. This would allows the setter script to steal cookies or the contents of the page, or potentially perform actions on the user’s behalf (such as make purchases or delete webmail) depending heavily on how the site was designed.