The Mozilla Foundation said last week it has patched several serious security flaws in the popular Firefox browser, bugs that also affect the SeaMonkey browser and the Thunderbird e-mail application.The bugs could allow an attacker to take over a system, as well as less serious exploits such as spoofing or security bypass, Mozilla said.While browser bug patches, even for critical flaws, have become somewhat routine, the latest alert highlights the fact that Firefox no longer has as clear an advantage over Microsoft’s Internet Explorer as it once did.According to security firm Secunia, Firefox and IE 7 have been affected by a similar number of advisories so far this year, though IE has been hit by more serious bugs than Firefox. In an advisory, Mozilla said the Firefox 2.0.0.4 and 1.5.0.12 update releases had fixed bugs that appeared to allow remote system access.“Some of these crashes showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code,” the company stated. One bug involves Firefox’s JavaScript engine and could cause memory corruption and allow malicious code execution, Mozilla said.The Thunderbird e-mail client uses Firefox’s browser engine and is thus also vulnerable. However, since JavaScript is disabled by default in Thunderbird, users are unlikely to be affected, the company said.“We strongly discourage users from running JavaScript in mail,” the company said. The advisory added that it may be possible to exploit the memory corruption vulnerability through some means other than JavaScript, such as large images.Also fixed were an error in the “addEventListener” method, which could be exploited to inject script from one site into another, and a bug in the handling of XUL pop-ups that could allow spoofing of the location bar or other browser interface components.Secunia called the bugs “highly critical.”To date, Firefox has been affected by five vulnerabilities and IE 7 by six, according to Secunia’s statistics. Forty percent of the Firefox bugs remain unpatched, compared with 50 percent for IE 7. But only 13 percent of the Firefox bugs allowed system access, compared to 43 percent for IE 7, which is more closely integrated with Windows.Correspondingly, Secunia ranked 17 percent of the IE bugs as “extremely critical,” a status attained by none of the Firefox advisories.Forty percent of the Firefox advisories were “highly critical,” with the rest less serious. Along with IE 7’s 17 percent “extremely critical” bugs, 33 percent were “highly critical” and the others were less serious.—Matthew Broersma, Techworld.com Related content news UK government plans 2,500 new tech recruits by 2025 with focus on cybersecurity New apprenticeships and talent programmes will support recruitment for in-demand roles such as cybersecurity technologists and software developers By Michael Hill Sep 29, 2023 4 mins Education Industry Education Industry Education Industry news UK data regulator orders end to spreadsheet FOI requests after serious data breaches The Information Commissioner’s Office says alternative approaches should be used to publish freedom of information data to mitigate risks to personal information By Michael Hill Sep 29, 2023 3 mins Government Cybercrime Data and Information Security feature Cybersecurity startups to watch for in 2023 These startups are jumping in where most established security vendors have yet to go. By CSO Staff Sep 29, 2023 19 mins CSO and CISO Security news analysis Companies are already feeling the pressure from upcoming US SEC cyber rules New Securities and Exchange Commission cyber incident reporting rules don't kick in until December, but experts say they highlight the need for greater collaboration between CISOs and the C-suite By Cynthia Brumfield Sep 28, 2023 6 mins Regulation Data Breach Financial Services Industry Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe