Mozilla has patched 12 vulnerabilities in the popular Firefox browser today, including an updated patch for the highly publicized "binary planting" issue that was initially patched last year.
8 of the vulnerabilities were rated "critical," meaning the bugs could be used to hijack a system. After the critical ones there were two "high," one "moderate" and finally a single "low."
PCAdvisor explains that the 'binary planting' vulnerability has also been called 'DLL load hijacking'.
Says the site: "Regardless of the term, the flaw existed in Windows applications that do not call DLLs (dynamic linked libraries) or executable files using a full path name. Instead, they rely on the filename alone. The latter can be exploited by attackers, who can trick the program into loading a malicious file with the same title as a required DLL or executable. If attackers can con users into visiting malicious websites or remote shared folders, or get them to plug in a USB drive, they can compromise a computer and infect it with malware."
Mozilla also recommends updating to the latest version of the browser if you have not already.
PCAdvisor explains that the 'binary planting' vulnerability has also been called 'DLL load hijacking'.
Says the site: "Regardless of the term, the flaw existed in Windows applications that do not call DLLs (dynamic linked libraries) or executable files using a full path name. Instead, they rely on the filename alone. The latter can be exploited by attackers, who can trick the program into loading a malicious file with the same title as a required DLL or executable. If attackers can con users into visiting malicious websites or remote shared folders, or get them to plug in a USB drive, they can compromise a computer and infect it with malware."
Mozilla also recommends updating to the latest version of the browser if you have not already.
