Mozilla on Tuesday patched 15 vulnerabilities in Firefox, 11 of them labeled critical.
One of yesterday’s patches addressed a problem found in scores of Windows applications, making Firefox one of the first browsers to be patched against the DLL load hijacking bug that went public three weeks ago.
Nearly three-quarters of the vulnerabilities in Firefox 3.6 were rated “critical,” Mozilla’s highest threat ranking, representing bugs that hackers may be able to use to compromise a system running Firefox, then plant other malware on the machine. Of the remaining flaws, two were pegged as “high” and one each was judged “moderate” and “low.”
Last month, it was announced that several dozen Windows programs were flawed because they call code libraries — dubbed “dynamic-link libraries,” or “DLLs” — using only a filename instead of a full pathname, giving hackers a way to commandeer a PC by tricking the application into loading a malicious file with the same name as the required DLL.
Other researchers later estimated that more than 200 different programs could be exploited, including Firefox and other browsers from Google, Opera and Apple .
Apple patched Safari’s DLL load hijacking vulnerability on Tuesday around the same time that Mozilla released Firefox 3.6.9.