Mandriva Linux Security Advisory 2009:198: firefox


Security issues were identified and fixed in firefox 3.0.x:

Security researcher Juan Pablo Lopez Yacubian reported that an attacker
could call on an invalid URL which looks similar to a
legitimate URL and then use document.write() to place content within
the new document, appearing to have come from the spoofed location

Moxie Marlinspike reported a heap overflow vulnerability in the
code that handles regular expressions in certificate names. This
vulnerability could be used to compromise the browser and run arbitrary
code by presenting a specially crafted certificate to the client

Read More