Don't Become a Victim of the Firefox 'nsTextFrame::ClearTextRun()' Remote Memory Corruption Vulnerability!

Don't Become a Victim of the Firefox 'nsTextFrame::ClearTextRun()' Remote Memory Corruption Vulnerability!

Firefox Vunerability


Presently, more and more people worldwide are getting access to the Internet, a global data communications system. The advantages of the Internet are known to a majority of people who are using it every day for numerous activities, such as business, communication, learning, news, etc. At first sight the Internet is striking and undoubtedly, this is why so many people are convinced or at least have heard that it has become the main target for criminals. Computer users send or receive information by using a web browser. This article is about the Mozilla Firefox browser which is available for multiple platforms.

Mozilla Firefox, casually called 'Firefox' is basically a free and open source web browser. It is a fast, full-featured Web browser with a streamlined browser window that displays a number of features that work with you to help you get the most out of your time online. Still, despite its amazing nature, Mozilla Firefox should be used safely. Unfortunately, it is prone to various types of vulnerabilities. A remote memory-corruption vulnerability announced at the end of April was discovered in the nsTextFrame::ClearTextRun function in layout/generic/nsTextFrameThebes.cpp Mozilla Firefox version 3.0.9.

This specific vulnerability can be exploited by remote attackers to compromise a user's system. If this type of vulnerability is exploited successfully, it will enable the attacker to execute arbitrary code within the context of the affected browser or crash the browser, denying service to legitimate users. This vulnerability is found in the 'nsTextFrame::ClearTextRun()' function of the 'layout/generic/nsTextFrameThebes.cpp' script. This security issue appears when the HTML Validator add-on is enabled. The vulnerability is caused by an unsuitable call to 'free()', which results in a pointer to point to deallocated memory. A remote user is able to design specially crafted HTML that, while loaded by the target user, will trigger a memory corruption error in nsTextFrame::ClearTextRun() and possibly execute arbitrary code on the target system. The code will run with the rights of the targeted user.halloween_demons_168.gif

Luckily, an update addressing this particular security issue was released by Mozilla! So, you shouldn't worry at all. If you have encountered this kind of vulnerability, all you have to do, is to upgrade your system to the latest update of the software program 3.0.10. The Mozilla Firefox 'nsTextFrame::ClearTextRun()' remote memory corruption vulnerability was rated as medium. Some of the file components of Mozilla Firefox include but are not limited to the following: FirefoxSetup2.0.0.1.exe, nsSessionStartup.js, nsUrlClassifierTable.js, nsMicrosummaryService.js, nsXmlRpcClient.js.

The Internet is a wonderful online global system which allows users to access huge amount of information. Still, there's no question that any web browsing software application should be absolutely safe. Therefore, Internet users should check their systems for vulnerabilities regularly. If a patch is made available, users are recommended by software vendors to update their installations as soon as possible. So if you don't want your system to become the target of hackers, you should be careful while visiting unreliable web pages and look after your system regularly.