Firefox 33 Released, Fixes Bugs

Wednesday, October 15, 2014 @ 04:10 PM gHale


Mozilla’s new Firefox 33 is out there fixing some security issues and bringing in stronger performance and usability improvements.

The security patches address critical vulnerabilities in the browser ranging from moderate to critical severity. The security advisory page for Firefox 33 lists three critical bugs, although one is a cumulative entry that includes multiple memory safety issues, some of which can lead to memory corruption and believed to be exploitable to execute arbitrary code on the affected machine.

RELATED STORIES
Adobe Fixes Flash Bugs
Patch Tuesday Fixes 3 Zero Days
Chrome 38 Fixes 159 Security Bugs
Patch Tuesday: IE Zero Day Fixed

Mozilla disclosed a critical out-of-bounds write vulnerability that reared its ugly head when buffering video in WebM format with frames with invalid tile sizes. Discovering the issue comes from Abhishek Arya from the Google Chrome security team, which he found using the Address Sanitizer tool.

Although the vulnerability affects the Firefox and Thunderbird email client, the company said “in general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled.”

Another severe bug is a use-after-free security glitch that appeared during text layout in interaction with text direction, leading to possible execution of arbitrary code.

Flaws marked as having a “high” impact include accessing cross-origin objects through the Alarms API, Web Audio memory corruption issues, buffer overflow when CSS ends up manipulated and continuous use of unintialized memory during repeated rendering of a malformed GIF.



Leave a Reply

You must be logged in to post a comment.