Firefox Flaw Carries Code Execution Risk

Source: eWeek


A new version of the upstart Firefox Web browser has been released to patch a “critical” flaw that could lead to the execution of malicious code.

According to Mozilla, Firefox 1.5.0.3 fixes a publicly reported denial-of-service bug that can theoretically lead to a more serious security issue.

Mozilla described the flaw as a set of crashes that were found to ultimately stem from the same root cause: an attempt to use a deleted controller context when designMode was turned on.

“This generally results in crashing the browser, but in theory references to deleted objects can be abused to run malicious code,” the open-source group said in an advisory.