Detailed Description
Seven vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to compromise a user's system.
1) Stability bugs in the browser engine used in Firefox and Mozilla-based products. Crashes show evidence of memory corruption. Successful exploitation allows execution of arbitrary code.
2) Memory safety issues caused by bugs in liboggplay. Successful exploitation causes a crash and allows execution of arbitrary code.
Audio and video capabilities were added in version 3.5 so prior versions were not affected.
3) Integer overflow in the Theora video library. Successful exploitation causes a crash and allows execution of arbitrary code.
Video capabilities were added in version 3.5 so prior versions were not affected.
The bugs were fixed upstream in Theora 1.1 (Thusnelda), but the older version used in Firefox 3.5 needs a patch.
4) Mozilla's NTLM implementation was vulnerable to reflection attacks. NTLM credentials from one application could be forwarded to another arbitrary application via the browser.
5) A page loaded over an insecure protocol will receive SSL indicators near the location bar, but will not have its page content modified.
6) A content window retains a reference via the window.opener property. The reference can be used to run arbitrary JavaScript code with chrome privileges.
7) GeckoActiveXObject exception messages can be used to enumerate COM objects and track browsing sessions.