Mozilla issued ten patches for its Firefox browser, including three for critical vulnerabilities, and has now released its latest version, 2.0.0.12.

 

One of the vulnerabilities found in the previous version of the Mozilla Firefox has been called the privilege escalation attack or remote code execution. Another of the vulnerabilities has been the MFSA 2008-06, is a problem in the way the browser handles images on certain Web pages. Using this flaw, hackers can exploit the victim’s machine to steal a person’s Web browsing history, forward that information, and then crash the browser. It may also be possible to run arbitrary code on a machine.

 

According to PC World report, Mozilla said about another problem, “We presume that, with enough effort, at least some of these could be exploited to run arbitrary code.” This is a memory corruption flaw.

 

The company has issued another update for a problem with Mozilla’s “chrome” protocol, the term Mozilla uses for its user interface. The problem involves applications that users can download, which extend browser functionality or some of Firefox’s add-ons. Using this vulnerability, an attacker can obtain can clues to how the victim’s machine could be compromised by determining what applications are installed on a person’s PC. But to take advantage of this flaw, the attacker first needs to take the victim to a malicious Web page designed to take advantage of the flaw.

 

Unlike other vendors, Mozilla labels vulnerabilities as “critical,” even when it’s not certain that an exploit could result in an attacker introducing malicious code.

 

The company also announced that final testing has started on Firefox 3.0 Beta 3, the most recent build of the major upgrade expected to ship in the next two months. If all goes according to plan, Mozilla said, Beta 3 will be released imminently.