Mozilla Firefox 10 had recently release it’s latest Mozilla Firefox 10 with nine firefox security fix, including five critical vulnerabilities.
One of the critical vulnerabilities opens users up to cross-site scripting attacks because the browser did not run proper security checks.
The flaw “allows for cross-site scripting attacks through web pages and Firefox extensions. The fix enables the Script Security Manager to force security checks on all frame scripts”, Mozilla explained
Other critical flaws fixed in Firefox 10 include: crash with malformed embedded XSLT stylesheets, potential memory corruption when decoding Off Vorbis files, child nodes from nsDOMAttribute still accessible after removal of nodes, and a miscellaneous category of memory safety hazards.
Under the miscellaneous category, Mozilla explained that its developers “identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.”
In addition to fixing security flaws, Firefox 10 adds new built-in developer tools “that let developers change the look and feel of websites in real-time”,
Further, Mozilla improved Firefox add-on compatibility and simplified the update process for all users.