Firefox 36 Fixes Vulnerabilities

Thursday, February 26, 2015 @ 04:02 PM gHale

Mozilla released Firefox version 36 where the web browser integrates security fixes and continues the migration from 1024 RSA keys.

The developer dealt with six vulnerabilities labeled as high severity, six presenting a moderate risk and two flaws of little significance.

IE Hole Allows Attackers to Phish
Zero Day Abused in Sony Hack: Report
Sony: Risk Management in Real Time
Talk to Me: Elevating Security Awareness

The new build patches more than 16 vulnerabilities, three of the entries presenting a higher risk if exploited successfully; in one of the cases, the entry cumulated a set of ten memory safety bugs.

The memory-related glitches ended up discovered by developers at Mozilla, as well as community members, some of them also contributing with a fix for the problem.

Security researcher Paul Bandha reported a use-after-free vulnerability in the browser, which would lead to a potentially exploitable crash. It would trigger when running specific web content with IndexedDB interface to create an index.

Another critical vulnerability on the list of repairs in Firefox 36 is a buffer overflow triggered in the “libstagefright” library when playing an invalid MP4 video; the result would be allocation of an insufficiently large buffer for the content, leading to a crash that could end up exploited by an attacker.

Among the weaknesses with less damaging potential, is one that allowed an attacker to extract user information from a user readable file stored in a known local path. The exploit was possible with user interaction by manipulating the auto-complete feature in a form; the local file remains invisible, but its content delivers via the Document Object Model (DOM).

A security researcher revealed the update component in the web browser loaded DLL files from the local working folder or from the Windows temporary directories (Linux and OS X do not suffer from the issue), posing the risk of a malicious file “to execute with elevated privileges if a user agrees when a User Account Control (UAC) prompt from Windows is displayed.”

Mozilla developers also worked to remove an out-of-bounds write occurring when an improperly formatted SVG image file rendered; this would allow a potential attacker to read uninitialized memory.

Another flaw discovered by security researchers is a buffer underflow condition created when playing a badly formatted MP3 audio file. Successful exploitation of the glitch permits integration of parts of the Firefox memory into an MP3 stream that is accessible to scripts on a malicious page.

Leave a Reply

You must be logged in to post a comment.