Popular web browser Mozilla Firefox has released an updated version in which the Mozilla team has fixed 11 security vulnerabilities. Of these 11 vulnerabilities, 3 are critical, including a use-after-free vulnerability and a handful of memory safety issues.
The update fixes several use-after-free vulnerabilities, but the team has rated only one of them critical. That bug lies in the DirectWrite font handling component of the browser.
Mozilla recommends that its users install the security update as soon as possible, warning that attackers could exploit the three critical vulnerabilities discovered in its browser to "run attacker code and install software, requiring no user interaction beyond normal browsing".
“Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code,” Mozilla wrote.
The Mozilla team says:
“Mozilla community member James Kitchener reported a crash in DirectWrite when rendering MathML content with specific fonts due to an error in how font resources and tables are handled. This leads to use-after-free of a DirectWrite font-face object, resulting in a potentially exploitable crash.”
The second critical vulnerability is an exploitable crash in the Cesium JavaScript library. The third critical bug is really a collection of various memory safety problems, some of which could lead to memory corruption.
Below is the full list of the security vulnerabilities that the Mozilla team has fixed in its latest build of the browser:
MFSA 2014-66 IFRAME sandbox same-origin access through redirect
MFSA 2014-65 Certificate parsing broken by non-standard character encoding
MFSA 2014-64 Crash in Skia library when scaling high quality images
MFSA 2014-63 Use-after-free while when manipulating certificates in the trusted cache
MFSA 2014-62 Exploitable WebGL crash with Cesium JavaScript library
MFSA 2014-61 Use-after-free with FireOnStateChange event
MFSA 2014-60 Toolbar dialog customization event spoofing
MFSA 2014-59 Use-after-free in DirectWrite font handling
MFSA 2014-58 Use-after-free in Web Audio due to incorrect control message ordering
MFSA 2014-57 Buffer overflow during Web Audio buffering for playback
MFSA 2014-56 Miscellaneous memory safety hazards (rv:31.0 / rv:24.7)
We also recommend that our readers update their Firefox browser. For security purposes, always keep your applications up to date.