The Mozilla Foundation patches seven security flaws with version 22.214.171.124 of its Firefox browser. Four of them, rated “critical,” would allow attackers to install software on vulnerable computers.
RSA certificates are used to authenticate secure Web sites and digitally signed e-mail messages.
“Critical” is the highest level on Mozilla’s security scale. All Firefox users are urged to install the new version immediately.
Among the non-critical flaws, there are two that relate to “sub-frames.”
In one case, an attacker could use the pop-up blocker status bar to trick a user into believing that a blocked pop-up window came from a trusted site.
In another instance, a non-critical vulnerability could allow a user to be directed to a trusted site in a new window, where an attacker could use a sub-frame to steal entered data — placing passwords or credit card information, for example, at risk.
Thunderbird Impacted Too
Firefox will download the latest update automatically by default. It is also available via the browser’s auto-update feature or can be downloaded directly from the Firefox Web site.
Users of the Thunderbird e-mail application also are advised to install the Firefox update, since the two applications run on the same engine.