Many security vulnerabilities in Firefox 16 are being covered in an update of the browser software released by the Mozilla Foundation. This is the second time in the last two weeks that the web browser has had to be updated to handle security problems.
All the security issues are related to the “Location” object in the software. One of the flaws, when fused with some plug-ins, could be exploited to perform cross-site scripting attacks on users.
Those attacks commonly are exploited to infect Web applications at trusted websites and push malicious code to unsuspecting visitors of those sites.
An additional vulnerability takes the CheckURL procedure in the browser’s code, which could be forced to return a wrong value. Mozilla said this could be exploited in a cross-site scripting attack, or be used to execute arbitrary code to a browser add-on that interacts with the content on a page.
A third defect addressed by the update allowed the security wrapper on the Location object to be bypassed by a hacker.