Mozilla Foundation updated its Firefox browser late Thursday, deploying fixes to 11 vulnerabilities, including six critical flaws, mostly JavaScript related, which could be used by an attacker to run arbitrary code and gain access to system files.

Firefox 3.0.11 patches critical memory corruption errors, a race condition and a JavaScript chrome privilege escalation. Most user browsers will be updated automatically to the latest version.

In its list of advisories, Mozilla said the JavaScript chrome privilege escalation allows scripts from page content to run with elevated privileges. Several memory corruption errors were fixed, stabilizing the browser engine.

"Some of these crashes showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code," Mozilla said.

Mozilla said a race condition existed, allowing an attacker to write to freed memory under a certain condition if a person navigated away from a webpage during the loading of a Java applet. The browser maker also repaired a condition in which event listeners may be executed within the wrong JavaScript context.

"An attacker could potentially use this vulnerability to have a malicious event handler execute arbitrary JavaScript with chrome privileges," Mozilla said. Less critical vulnerabilities included: CVE-2009-1834, CVE-2009-1835, CVE-2009-1839 and CVE-2009-1840.

(Source: cnet)