Mozilla Firefox Patch Fixes 15 Flaws

Mozilla has released patches to fix a number of vulnerabilities found on its Firefox web browser.

Tech news site Computer World reports, Mozilla has patched 15 flaws in its Firefox 3.6 web browser, out of which 11 have been rated as critical by the company. The critical bugs can allow hackers to run arbitrary code on a system if exploited.

A further two flaws were labelled as high on risk, and the other two were marked moderate and low respectively.

Mozilla has said that the Firefox DLL load hijacking bug, rated the most critical flaw to be patched in this update by a number of experts, could only be exploited on Windows XP systems.

"Firefox users on ... Vista [and later] were not vulnerable to this attack because dwmapi.dll legitimately exists in Vista and later versions and is successfully loaded by Firefox before attempting to load the planted DLL," read a Mozilla advisory.

Mozilla was alerted to four of the critical flaws by HP TippingPoint's Zero Day Initiative (ZDI), while David Huang and Collin Jackson, of Carnegie Mellon University's Silicon Valley-based CyLab revealed another to the company.