Firefox 29 Includes 14 Security Fixes

Thursday, May 1, 2014 @ 06:05 PM gHale


Firefox 29 is now out, fixing 14 security issues in addition to adding enhancements.

Of the 14 vulnerabilities, five are critical, six are high and three are moderate.

The critical-impact security holes are a use-after-free in nsHostResolver, a use-after-free in imgLoader when resizing images, a privilege escalation issue through the Web Notifications API, a use-after-free in the Text Track Manager for HTML video, and various memory safety hazards.

Tyson Smith, Jesse Schwartzentruber, Nils, Mariusz Mlynski, and Abhishek Arya received credit for identifying and reporting the flaws. Mozilla’s internal security team identified the memory safety hazards.

The high-impact vulnerabilities are an XSS affecting history navigations, an out-of-bounds write bug in Cairo, a buffer overflow when using a non-XBL object as XBL, memory corruption issues in Web Audio, and privilege escalation through the Mozilla Maintenance Service Installer.

In addition, Mozilla’s Boris Zbarsky found that the debugger will work with some objects while bypassing XrayWrappers, leading to privilege escalation under certain circumstances.


