Firefox 43: 21 Security Issues Fixed

Thursday, December 17, 2015 @ 05:12 PM gHale

Firefox 43 released and Mozilla fixed 21 security flaws and added feature improvements, including a 64-bit version for Windows, in the browser.

Firefox 43 resolves four vulnerabilities rated critical.

IE Ending Support for Older Versions
Chrome 47 Releases, Fixes Security Flaws
Edge Now Blocks Code Injection
IE Continues Flawed Life, Edge Taking Over

One of them, reported by Tsubasa Iinuma, can end up exploited for cross-site reading attacks by bypassing cross-origin restrictions using data: and view-source: URIs to confuse protections.

A use-after-free vulnerability in WebRTC can lead to a potentially exploitable crash, according to Looben Yang, who discovered the issue.

Mozilla developer Kris Maglione discovered a privilege escalation issue related to WebExtension APIs. The vulnerability can end up exploited to execute arbitrary code with the privileges of the affected WebExtension, which could lead to cross-site scripting (XSS) attacks and personal information theft.

Memory safety bugs found by Mozilla developers and community members also ended up with a critical rating.