Mozilla has shipped a mega patch for Firefox to fix a total of 16 security flaws that expose Web surfers to drive-by download, data theft and local bar spoofing attacks. The latest Firefox 3.6.7 update includes fixes for nine critical issues that could be exploited to launch remote code execution attacks. Two of the 16 bugs are rated high risk while five carry a moderate severity rating. The fixes include a buffer overflow in Mozilla graphics code which consumes image data processed by libpng.
Source: https://threatpost.com/firefox-hit-drive-download-flaws-072110/74237/

