Firefox fixes "mouse hijack" bug

 

Gallery

By Barry Collins

Posted on 24 Sep 2008 at 11:50

Mozilla has issued a fix for five Firefox bugs, including a bizarre "mouse hijack" bug.

The two critical patches included in version 3.0.2 address a crash bug that could result in memory corruption and another involving privilege escalation via XPCnativeWrapper pollution.

Both could allow attackers to inject malware on to PCs, although there's no evidence the holes have actually been exploited.

Two other moderate issues were addressed in the patch, as well as a rather obscure flaw that could potentially allow hackers to hijack the user's mouse clicks.

"The vulnerability allowed an attacker to move the content window while the mouse was being clicked, causing an item to be dragged rather than clicked-on," the Mozilla Security Advisory reads.

"This issue could potentially be used to force a user to download a file or perform other drag-and-drop actions." Not surprisingly, this issue was afforded a low priority.

Aside from bug patching, Mozilla is currently working on Firefox version 3.1, which the open-source foundation claims will narrow the JavaScript performance gap on Google's Chrome browser.