Andre Yoskowitz
21 Oct 2010 0:10
Mozilla has patched 12 vulnerabilities in the popular Firefox browser today, including an updated patch for the highly publicized "binary planting" issue that was initially patched last year.
8 of the vulnerabilities were rated "critical," meaning the bugs could be used to hijack a system. After the critical ones there were two "high," one "moderate" and finally a single "low."
PCAdvisor explains that the 'binary planting' vulnerability has also been called 'DLL load hijacking'.
Says the site: "Regardless of the term, the flaw existed in Windows applications that do not call DLLs (dynamic linked libraries) or executable files using a full path name. Instead, they rely on the filename alone. The latter can be exploited by attackers, who can trick the program into loading a malicious file with the same title as a required DLL or executable. If attackers can con users into visiting malicious websites or remote shared folders, or get them to plug in a USB drive, they can compromise a computer and infect it with malware."
Mozilla also recommends updating to the latest version of the browser if you have not already.