From ComputerWorld

Mozilla on Tuesday patched 15 vulnerabilities in Firefox, 11 of them labeled critical.                                           

One of yesterday's patches addressed a problem found in scores of Windows applications, making Firefox one of the first browsers to be patched against the DLL load hijacking bug that went public three weeks ago.

Nearly three-quarters of the vulnerabilities in Firefox 3.6 were rated "critical," Mozilla's highest threat ranking, representing bugs that hackers may be able to use to compromise a system running Firefox, then plant other malware on the machine. Of the remaining flaws, two were pegged as "high" and one each was judged "moderate" and "low."

Four of the vulnerabilities were reported to Mozilla by HP TippingPoint's Zero Day Initiative (ZDI), the largest commercial bug bounty program, while another was handed to Mozilla's developers by David Huang and Collin Jackson, of Carnegie Mellon University's Silicon Valley-based CyLab.

[More...] [Comments...]